CVE-2024-53236 (GCVE-0-2024-53236)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:50 – Updated: 2025-05-04 09:56
Summary
In the Linux kernel, the following vulnerability has been resolved:

xsk: Free skb when TX metadata options are invalid

When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a multibuf descriptor, but the descriptor is later found to have invalid options set for the TX metadata, the new skb is never freed. This can leak skbs until the send buffer is full which makes sending more packets impossible.

Fix this by freeing the skb in the error path if we are currently dealing with the first frag, i.e., an skb allocated in this iteration of xsk_build_skb.
Severity
No CVSS data available.
Impacted products

Vendor: Linux, Product: Linux
  Affected: 48eb03dd26304c24f03bdbb9382e89c8564e71df , < 7f0d0dd5a7f437d83cff954bc321f1a9b181efd5 (git)
  Affected: 48eb03dd26304c24f03bdbb9382e89c8564e71df , < d5d346deb65efa8453f8481bcea75c1a590439e7 (git)
  Affected: 48eb03dd26304c24f03bdbb9382e89c8564e71df , < 0c0d0f42ffa6ac94cd79893b7ed419c15e1b45de (git)

Vendor: Linux, Product: Linux
  Affected: 6.8
  Unaffected: 0 , < 6.8 (semver)
  Unaffected: 6.11.11 , ≤ 6.11.* (semver)
  Unaffected: 6.12.2 , ≤ 6.12.* (semver)
  Unaffected: 6.13 , ≤ * (original_commit_for_fix)

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/xdp/xsk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7f0d0dd5a7f437d83cff954bc321f1a9b181efd5",
              "status": "affected",
              "version": "48eb03dd26304c24f03bdbb9382e89c8564e71df",
              "versionType": "git"
            },
            {
              "lessThan": "d5d346deb65efa8453f8481bcea75c1a590439e7",
              "status": "affected",
              "version": "48eb03dd26304c24f03bdbb9382e89c8564e71df",
              "versionType": "git"
            },
            {
              "lessThan": "0c0d0f42ffa6ac94cd79893b7ed419c15e1b45de",
              "status": "affected",
              "version": "48eb03dd26304c24f03bdbb9382e89c8564e71df",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/xdp/xsk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Free skb when TX metadata options are invalid\n\nWhen a new skb is allocated for transmitting an xsk descriptor, i.e., for\nevery non-multibuf descriptor or the first frag of a multibuf descriptor,\nbut the descriptor is later found to have invalid options set for the TX\nmetadata, the new skb is never freed. This can leak skbs until the send\nbuffer is full which makes sending more packets impossible.\n\nFix this by freeing the skb in the error path if we are currently dealing\nwith the first frag, i.e., an skb allocated in this iteration of\nxsk_build_skb."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:56:41.282Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7f0d0dd5a7f437d83cff954bc321f1a9b181efd5"
        },
        {
          "url": "https://git.kernel.org/stable/c/d5d346deb65efa8453f8481bcea75c1a590439e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c0d0f42ffa6ac94cd79893b7ed419c15e1b45de"
        }
      ],
      "title": "xsk: Free skb when TX metadata options are invalid",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53236",
    "datePublished": "2024-12-27T13:50:22.320Z",
    "dateReserved": "2024-11-19T17:17:25.026Z",
    "dateUpdated": "2025-05-04T09:56:41.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nxsk: Free skb when TX metadata options are invalid\\n\\nWhen a new skb is allocated for transmitting an xsk descriptor, i.e., for\\nevery non-multibuf descriptor or the first frag of a multibuf descriptor,\\nbut the descriptor is later found to have invalid options set for the TX\\nmetadata, the new skb is never freed. This can leak skbs until the send\\nbuffer is full which makes sending more packets impossible.\\n\\nFix this by freeing the skb in the error path if we are currently dealing\\nwith the first frag, i.e., an skb allocated in this iteration of\\nxsk_build_skb.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xsk: liberar skb cuando las opciones de metadatos TX no son v\\u00e1lidas Cuando se asigna un nuevo skb para transmitir un descriptor xsk, es decir, para cada descriptor que no sea multibuf o el primer fragmento de un descriptor multibuf, pero luego se descubre que el descriptor tiene opciones no v\\u00e1lidas establecidas para los metadatos TX, el nuevo skb nunca se libera. Esto puede filtrar skbs hasta que el b\\u00fafer de env\\u00edo est\\u00e9 lleno, lo que hace imposible enviar m\\u00e1s paquetes. Solucione esto liberando el skb en la ruta de error si actualmente estamos tratando con el primer fragmento, es decir, un skb asignado en esta iteraci\\u00f3n de xsk_build_skb.\"}]",
      "id": "CVE-2024-53236",
      "lastModified": "2024-12-27T14:15:32.013",
      "published": "2024-12-27T14:15:32.013",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/0c0d0f42ffa6ac94cd79893b7ed419c15e1b45de\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/7f0d0dd5a7f437d83cff954bc321f1a9b181efd5\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/d5d346deb65efa8453f8481bcea75c1a590439e7\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-53236\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-27T14:15:32.013\",\"lastModified\":\"2025-10-08T13:47:04.790\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nxsk: Free skb when TX metadata options are invalid\\n\\nWhen a new skb is allocated for transmitting an xsk descriptor, i.e., for\\nevery non-multibuf descriptor or the first frag of a multibuf descriptor,\\nbut the descriptor is later found to have invalid options set for the TX\\nmetadata, the new skb is never freed. This can leak skbs until the send\\nbuffer is full which makes sending more packets impossible.\\n\\nFix this by freeing the skb in the error path if we are currently dealing\\nwith the first frag, i.e., an skb allocated in this iteration of\\nxsk_build_skb.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xsk: liberar skb cuando las opciones de metadatos TX no son v\u00e1lidas Cuando se asigna un nuevo skb para transmitir un descriptor xsk, es decir, para cada descriptor que no sea multibuf o el primer fragmento de un descriptor multibuf, pero luego se descubre que el descriptor tiene opciones no v\u00e1lidas establecidas para los metadatos TX, el nuevo skb nunca se libera. Esto puede filtrar skbs hasta que el b\u00fafer de env\u00edo est\u00e9 lleno, lo que hace imposible enviar m\u00e1s paquetes. 
Solucione esto liberando el skb en la ruta de error si actualmente estamos tratando con el primer fragmento, es decir, un skb asignado en esta iteraci\u00f3n de xsk_build_skb.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.11.11\",\"matchCriteriaId\":\"FF76D5FF-944B-4187-AE80-15327D64BB22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.12\",\"versionEndExcluding\":\"6.12.2\",\"matchCriteriaId\":\"D8882B1B-2ABC-4838-AC1D-DBDBB5764776\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0c0d0f42ffa6ac94cd79893b7ed419c15e1b45de\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7f0d0dd5a7f437d83cff954bc321f1a9b181efd5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d5d346deb65efa8453f8481bcea75c1a590439e7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

