CVE-2024-27393 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") and remaining callers converted (in commit 6bfef2ec0172 ("Merge branch 'net-page_pool-remove-page_pool_release_page'")). This leak became visible in v6.8 via commit dba1b8a7ab68 ("mm/page_pool: catch page_pool memory leaks").

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel E4s Rhel Eus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.24.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:4349	2024-07-08T00:00:00Z
kernel-0:5.14.0-427.24.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:4349	2024-07-08T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
kernel-0:5.14.0-70.112.1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2024:5257	2024-08-13T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.71.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4108	2024-06-26T00:00:00Z
kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:4106	2024-06-26T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/05/08/4
http://xenbits.xen.org/xsa/advisory-457.html
https://git.kernel.org/stable/c/037965402a010898d34f4e35327d22c0a95cd51f
https://git.kernel.org/stable/c/27aa3e4b3088426b7e34584274ad45b5afaf7629
https://git.kernel.org/stable/c/4143b9479caa29bb2380f3620dcbe16ea84eb3b1
https://git.kernel.org/stable/c/7c1250796b6c262b505a46192f4716b8c6a6a8c6
https://git.kernel.org/stable/c/c8b7b2f158d9d4fb89cd2f68244af154f7549bb4
https://lore.kernel.org/linux-cve-announce/2024050835-CVE-2024-27393-b804@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-27393
https://www.cve.org/CVERecord?id=CVE-2024-27393

History

Tue, 08 Apr 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.9:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::
Vendors & Products		Linux Linux linux Kernel

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2024/05/08/4 http://xenbits.xen.org/xsa/advisory-457.html

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	http://www.openwall.com/lists/oss-security/2024/05/08/4 http://xenbits.xen.org/xsa/advisory-457.html

Mon, 04 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s
CPEs		cpe:/a:redhat:rhel_e4s:9.0
Vendors & Products		Redhat rhel E4s

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-09T16:37:07.973Z

Updated: 2024-12-19T08:54:09.014Z

Reserved: 2024-02-25T13:47:42.677Z

Link: CVE-2024-27393

Vulnrichment

Updated: 2024-08-02T00:34:52.268Z

NVD

Status : Analyzed

Published: 2024-05-14T15:12:26.993

Modified: 2025-04-08T19:42:11.457

Link: CVE-2024-27393

Redhat

Severity : Low

Publid Date: 2024-05-08T00:00:00Z

Links: CVE-2024-27393 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-27393", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:47:42.677Z", "datePublished": "2024-05-09T16:37:07.973Z", "dateUpdated": "2024-12-19T08:54:09.014Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:54:09.014Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: Add missing skb_mark_for_recycle\n\nNotice that skb_mark_for_recycle() is introduced later than fixes tag in\ncommit 6a5bcd84e886 (\"page_pool: Allow drivers to hint on SKB recycling\").\n\nIt is believed that fixes tag were missing a call to page_pool_release_page()\nbetween v5.9 to v5.14, after which is should have used skb_mark_for_recycle().\nSince v6.6 the call page_pool_release_page() were removed (in\ncommit 535b9c61bdef (\"net: page_pool: hide page_pool_release_page()\")\nand remaining callers converted (in commit 6bfef2ec0172 (\"Merge branch\n'net-page_pool-remove-page_pool_release_page'\")).\n\nThis leak became visible in v6.8 via commit dba1b8a7ab68 (\"mm/page_pool: catch\npage_pool memory leaks\")."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/xen-netfront.c"], "versions": [{"version": "6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c", "lessThan": "4143b9479caa29bb2380f3620dcbe16ea84eb3b1", "status": "affected", "versionType": "git"}, {"version": "6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c", "lessThan": "7c1250796b6c262b505a46192f4716b8c6a6a8c6", "status": "affected", "versionType": "git"}, {"version": "6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c", "lessThan": "27aa3e4b3088426b7e34584274ad45b5afaf7629", "status": "affected", "versionType": "git"}, {"version": "6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c", "lessThan": "c8b7b2f158d9d4fb89cd2f68244af154f7549bb4", "status": "affected", "versionType": "git"}, {"version": "6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c", "lessThan": "037965402a010898d34f4e35327d22c0a95cd51f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/xen-netfront.c"], "versions": [{"version": "5.9", "status": "affected"}, {"version": "0", "lessThan": "5.9", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.85", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/4143b9479caa29bb2380f3620dcbe16ea84eb3b1"}, {"url": "https://git.kernel.org/stable/c/7c1250796b6c262b505a46192f4716b8c6a6a8c6"}, {"url": "https://git.kernel.org/stable/c/27aa3e4b3088426b7e34584274ad45b5afaf7629"}, {"url": "https://git.kernel.org/stable/c/c8b7b2f158d9d4fb89cd2f68244af154f7549bb4"}, {"url": "https://git.kernel.org/stable/c/037965402a010898d34f4e35327d22c0a95cd51f"}], "title": "xen-netfront: Add missing skb_mark_for_recycle", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-31T18:36:32.425649Z", "id": "CVE-2024-27393", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-04T18:49:42.053Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.268Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4143b9479caa29bb2380f3620dcbe16ea84eb3b1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7c1250796b6c262b505a46192f4716b8c6a6a8c6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/27aa3e4b3088426b7e34584274ad45b5afaf7629", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c8b7b2f158d9d4fb89cd2f68244af154f7549bb4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/037965402a010898d34f4e35327d22c0a95cd51f", "tags": ["x_transferred"]}, {"url": "http://xenbits.xen.org/xsa/advisory-457.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/08/4", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4143b9479caa29bb2380f3620dcbe16ea84eb3b1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7c1250796b6c262b505a46192f4716b8c6a6a8c6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/27aa3e4b3088426b7e34584274ad45b5afaf7629", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c8b7b2f158d9d4fb89cd2f68244af154f7549bb4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/037965402a010898d34f4e35327d22c0a95cd51f", "tags": ["x_transferred"]}, {"url": "http://xenbits.xen.org/xsa/advisory-457.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/08/4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.268Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27393", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-31T18:36:32.425649Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-31T18:36:36.639Z"}}], "cna": {"title": "xen-netfront: Add missing skb_mark_for_recycle", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c", "lessThan": "4143b9479caa29bb2380f3620dcbe16ea84eb3b1", "versionType": "git"}, {"status": "affected", "version": "6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c", "lessThan": "7c1250796b6c262b505a46192f4716b8c6a6a8c6", "versionType": "git"}, {"status": "affected", "version": "6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c", "lessThan": "27aa3e4b3088426b7e34584274ad45b5afaf7629", "versionType": "git"}, {"status": "affected", "version": "6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c", "lessThan": "c8b7b2f158d9d4fb89cd2f68244af154f7549bb4", "versionType": "git"}, {"status": "affected", "version": "6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c", "lessThan": "037965402a010898d34f4e35327d22c0a95cd51f", "versionType": "git"}], "programFiles": ["drivers/net/xen-netfront.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.9"}, {"status": "unaffected", "version": "0", "lessThan": "5.9", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.154", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.85", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.26", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.5", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/xen-netfront.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/4143b9479caa29bb2380f3620dcbe16ea84eb3b1"}, {"url": "https://git.kernel.org/stable/c/7c1250796b6c262b505a46192f4716b8c6a6a8c6"}, {"url": "https://git.kernel.org/stable/c/27aa3e4b3088426b7e34584274ad45b5afaf7629"}, {"url": "https://git.kernel.org/stable/c/c8b7b2f158d9d4fb89cd2f68244af154f7549bb4"}, {"url": "https://git.kernel.org/stable/c/037965402a010898d34f4e35327d22c0a95cd51f"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: Add missing skb_mark_for_recycle\n\nNotice that skb_mark_for_recycle() is introduced later than fixes tag in\ncommit 6a5bcd84e886 (\"page_pool: Allow drivers to hint on SKB recycling\").\n\nIt is believed that fixes tag were missing a call to page_pool_release_page()\nbetween v5.9 to v5.14, after which is should have used skb_mark_for_recycle().\nSince v6.6 the call page_pool_release_page() were removed (in\ncommit 535b9c61bdef (\"net: page_pool: hide page_pool_release_page()\")\nand remaining callers converted (in commit 6bfef2ec0172 (\"Merge branch\n'net-page_pool-remove-page_pool_release_page'\")).\n\nThis leak became visible in v6.8 via commit dba1b8a7ab68 (\"mm/page_pool: catch\npage_pool memory leaks\")."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:54:09.014Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27393", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:54:09.014Z", "dateReserved": "2024-02-25T13:47:42.677Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-09T16:37:07.973Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15E220AB-9386-4168-BA23-71607F895ECA", "versionEndExcluding": "5.15.154", "versionStartIncluding": "5.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "325665BF-2409-49D9-B391-39AD4566FDBD", "versionEndExcluding": "6.1.85", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C520696A-A594-4FFC-A32D-12DA535CE911", "versionEndExcluding": "6.6.26", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10", "versionEndExcluding": "6.8.5", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: Add missing skb_mark_for_recycle\n\nNotice that skb_mark_for_recycle() is introduced later than fixes tag in\ncommit 6a5bcd84e886 (\"page_pool: Allow drivers to hint on SKB recycling\").\n\nIt is believed that fixes tag were missing a call to page_pool_release_page()\nbetween v5.9 to v5.14, after which is should have used skb_mark_for_recycle().\nSince v6.6 the call page_pool_release_page() were removed (in\ncommit 535b9c61bdef (\"net: page_pool: hide page_pool_release_page()\")\nand remaining callers converted (in commit 6bfef2ec0172 (\"Merge branch\n'net-page_pool-remove-page_pool_release_page'\")).\n\nThis leak became visible in v6.8 via commit dba1b8a7ab68 (\"mm/page_pool: catch\npage_pool memory leaks\")."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: xen-netfront: agrega skb_mark_for_recycle faltante. Tenga en cuenta que skb_mark_for_recycle() se introduce m\u00e1s tarde que la etiqueta de correcci\u00f3n en el commit 6a5bcd84e886 (\"page_pool: permitir que los controladores indiquen el reciclaje de SKB\"). Se cree que a la etiqueta de correcciones le faltaba una llamada a page_pool_release_page() entre v5.9 y v5.14, despu\u00e9s de lo cual deber\u00eda haber usado skb_mark_for_recycle(). Desde v6.6, la llamada page_pool_release_page() se elimin\u00f3 (en el commit 535b9c61bdef (\"net: page_pool: hide page_pool_release_page()\") y las personas que llaman restantes se convirtieron (en el commit 6bfef2ec0172 (\"Merge Branch 'net-page_pool-remove-page_pool_release_page'\") ). Esta fuga se hizo visible en la versi\u00f3n 6.8 mediante el commit dba1b8a7ab68 (\"mm/page_pool: captura p\u00e9rdidas de memoria en page_pool\")."}], "id": "CVE-2024-27393", "lastModified": "2025-04-08T19:42:11.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-14T15:12:26.993", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/037965402a010898d34f4e35327d22c0a95cd51f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/27aa3e4b3088426b7e34584274ad45b5afaf7629"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4143b9479caa29bb2380f3620dcbe16ea84eb3b1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7c1250796b6c262b505a46192f4716b8c6a6a8c6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c8b7b2f158d9d4fb89cd2f68244af154f7549bb4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/05/08/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-457.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/037965402a010898d34f4e35327d22c0a95cd51f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/27aa3e4b3088426b7e34584274ad45b5afaf7629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4143b9479caa29bb2380f3620dcbe16ea84eb3b1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7c1250796b6c262b505a46192f4716b8c6a6a8c6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c8b7b2f158d9d4fb89cd2f68244af154f7549bb4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4349", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.24.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4349", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.24.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:5257", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.112.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:4108", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.71.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:4106", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-06-26T00:00:00Z"}], "bugzilla": {"description": "kernel: xen-netfront: Add missing skb_mark_for_recycle", "id": "2280745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280745"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nxen-netfront: Add missing skb_mark_for_recycle\nNotice that skb_mark_for_recycle() is introduced later than fixes tag in\ncommit 6a5bcd84e886 (\"page_pool: Allow drivers to hint on SKB recycling\").\nIt is believed that fixes tag were missing a call to page_pool_release_page()\nbetween v5.9 to v5.14, after which is should have used skb_mark_for_recycle().\nSince v6.6 the call page_pool_release_page() were removed (in\ncommit 535b9c61bdef (\"net: page_pool: hide page_pool_release_page()\")\nand remaining callers converted (in commit 6bfef2ec0172 (\"Merge branch\n'net-page_pool-remove-page_pool_release_page'\")).\nThis leak became visible in v6.8 via commit dba1b8a7ab68 (\"mm/page_pool: catch\npage_pool memory leaks\")."], "name": "CVE-2024-27393", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27393\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27393\nhttps://lore.kernel.org/linux-cve-announce/2024050835-CVE-2024-27393-b804@gregkh/T"], "threat_severity": "Low"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object