{"vulnerability": "cve-2024-41066", "sightings": [{"uuid": "e93fbef9-e2e7-48e2-b5c2-6abf06930b9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-41066", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "5a0c32c4-e807-4ef6-9f11-29e7a616fec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41066", "type": "seen", "source": "https://t.me/cvedetector/1865", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41066 - \"IBMvnic skb Leak Prevention\"\", \n  \"Content\": \"CVE ID : CVE-2024-41066 \nPublished : July 29, 2024, 3:15 p.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nibmvnic: Add tx check to prevent skb leak  \n  \nBelow is a summary of how the driver stores a reference to an skb during  \ntransmit:  \n    tx_buff[free_map[consumer_index]]->skb = new_skb;  \n    free_map[consumer_index] = IBMVNIC_INVALID_MAP;  \n    consumer_index ++;  \nWhere variable data looks like this:  \n    free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]  \n                                                consumer_index^  \n    tx_buff == [skb=null, skb=, skb=, skb=null, skb=null]  \n  \nThe driver has checks to ensure that free_map[consumer_index] pointed to  \na valid index but there was no check to ensure that this index pointed  \nto an unused/null skb address. So, if, by some chance, our free_map and  \ntx_buff lists become out of sync then we were previously risking an  \nskb memory leak. This could then cause tcp congestion control to stop  \nsending packets, eventually leading to ETIMEDOUT.  \n  \nTherefore, add a conditional to ensure that the skb address is null. If  \nnot then warn the user (because this is still a bug that should be  \npatched) and free the old pointer to prevent memleak/tcp problems. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T17:58:10.000000Z"}]}