{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-57841", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-01-15T13:08:59.716Z", "datePublished": "2025-01-15T13:10:26.842Z", "dateUpdated": "2025-10-01T19:57:18.572Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T13:01:26.346Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix memory leak in tcp_conn_request()\n\nIf inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will\nreturn without free the dst memory, which allocated in af_ops->route_req.\n\nHere is the kmemleak stack:\n\nunreferenced object 0xffff8881198631c0 (size 240):\n comm \"softirq\", pid 0, jiffies 4299266571 (age 1802.392s)\n hex dump (first 32 bytes):\n 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................\n 81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00 .U..............\n backtrace:\n [<ffffffffb93e8d4c>] kmem_cache_alloc+0x60c/0xa80\n [<ffffffffba11b4c5>] dst_alloc+0x55/0x250\n [<ffffffffba227bf6>] rt_dst_alloc+0x46/0x1d0\n [<ffffffffba23050a>] __mkroute_output+0x29a/0xa50\n [<ffffffffba23456b>] ip_route_output_key_hash+0x10b/0x240\n [<ffffffffba2346bd>] ip_route_output_flow+0x1d/0x90\n [<ffffffffba254855>] inet_csk_route_req+0x2c5/0x500\n [<ffffffffba26b331>] tcp_conn_request+0x691/0x12c0\n [<ffffffffba27bd08>] tcp_rcv_state_process+0x3c8/0x11b0\n [<ffffffffba2965c6>] tcp_v4_do_rcv+0x156/0x3b0\n [<ffffffffba299c98>] tcp_v4_rcv+0x1cf8/0x1d80\n [<ffffffffba239656>] ip_protocol_deliver_rcu+0xf6/0x360\n [<ffffffffba2399a6>] ip_local_deliver_finish+0xe6/0x1e0\n [<ffffffffba239b8e>] ip_local_deliver+0xee/0x360\n [<ffffffffba239ead>] ip_rcv+0xad/0x2f0\n [<ffffffffba110943>] __netif_receive_skb_one_core+0x123/0x140\n\nCall dst_release() to free the dst memory when\ninet_csk_reqsk_queue_hash_add() return false in tcp_conn_request()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/tcp_input.c"], "versions": [{"version": "527bec1f56ac7a2fceb8eb77eb0fc2678ecba394", "lessThan": "9d38959677291552d1b0ed2689a540af279b5bf8", "status": "affected", "versionType": "git"}, {"version": "c14f3c3793f7a785763e353df7fc40426187f832", "lessThan": "de3f999bf8aee16e9da1c1224191abdc69e97c9d", "status": "affected", "versionType": "git"}, {"version": "fdae4d139f4778b20a40c60705c53f5f146459b5", "lessThan": "2af69905180b3fea12f9c1db374b153a06977021", "status": "affected", "versionType": "git"}, {"version": "ff46e3b4421923937b7f6e44ffcd3549a074f321", "lessThan": "b0b190218c78d8aeecfba36ea3a90063b3ede52d", "status": "affected", "versionType": "git"}, {"version": "ff46e3b4421923937b7f6e44ffcd3549a074f321", "lessThan": "4f4aa4aa28142d53f8b06585c478476cfe325cfc", "status": "affected", "versionType": "git"}, {"version": "360892e60710427229fc1f7bb2218cf4d578229b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/tcp_input.c"], "versions": [{"version": "6.10", "status": "affected"}, {"version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.176", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.124", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.70", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.9", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.162", "versionEndExcluding": "5.15.176"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.97", "versionEndExcluding": "6.1.124"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.37", "versionEndExcluding": "6.6.70"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.12.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9d38959677291552d1b0ed2689a540af279b5bf8"}, {"url": "https://git.kernel.org/stable/c/de3f999bf8aee16e9da1c1224191abdc69e97c9d"}, {"url": "https://git.kernel.org/stable/c/2af69905180b3fea12f9c1db374b153a06977021"}, {"url": "https://git.kernel.org/stable/c/b0b190218c78d8aeecfba36ea3a90063b3ede52d"}, {"url": "https://git.kernel.org/stable/c/4f4aa4aa28142d53f8b06585c478476cfe325cfc"}], "title": "net: fix memory leak in tcp_conn_request()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-57841", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:54:23.329434Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T19:57:18.572Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-57841", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:54:23.329434Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T15:54:34.176Z"}}], "cna": {"title": "net: fix memory leak in tcp_conn_request()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "527bec1f56ac7a2fceb8eb77eb0fc2678ecba394", "lessThan": "9d38959677291552d1b0ed2689a540af279b5bf8", "versionType": "git"}, {"status": "affected", "version": "c14f3c3793f7a785763e353df7fc40426187f832", "lessThan": "de3f999bf8aee16e9da1c1224191abdc69e97c9d", "versionType": "git"}, {"status": "affected", "version": "fdae4d139f4778b20a40c60705c53f5f146459b5", "lessThan": "2af69905180b3fea12f9c1db374b153a06977021", "versionType": "git"}, {"status": "affected", "version": "ff46e3b4421923937b7f6e44ffcd3549a074f321", "lessThan": "b0b190218c78d8aeecfba36ea3a90063b3ede52d", "versionType": "git"}, {"status": "affected", "version": "ff46e3b4421923937b7f6e44ffcd3549a074f321", "lessThan": "4f4aa4aa28142d53f8b06585c478476cfe325cfc", "versionType": "git"}, {"status": "affected", "version": "360892e60710427229fc1f7bb2218cf4d578229b", "versionType": "git"}], "programFiles": ["net/ipv4/tcp_input.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.10"}, {"status": "unaffected", "version": "0", "lessThan": "6.10", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.176", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.124", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.70", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.12.9", "versionType": "semver", "lessThanOrEqual": "6.12.*"}, {"status": "unaffected", "version": "6.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/ipv4/tcp_input.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9d38959677291552d1b0ed2689a540af279b5bf8"}, {"url": "https://git.kernel.org/stable/c/de3f999bf8aee16e9da1c1224191abdc69e97c9d"}, {"url": "https://git.kernel.org/stable/c/2af69905180b3fea12f9c1db374b153a06977021"}, {"url": "https://git.kernel.org/stable/c/b0b190218c78d8aeecfba36ea3a90063b3ede52d"}, {"url": "https://git.kernel.org/stable/c/4f4aa4aa28142d53f8b06585c478476cfe325cfc"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix memory leak in tcp_conn_request()\n\nIf inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will\nreturn without free the dst memory, which allocated in af_ops->route_req.\n\nHere is the kmemleak stack:\n\nunreferenced object 0xffff8881198631c0 (size 240):\n comm \"softirq\", pid 0, jiffies 4299266571 (age 1802.392s)\n hex dump (first 32 bytes):\n 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................\n 81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00 .U..............\n backtrace:\n [<ffffffffb93e8d4c>] kmem_cache_alloc+0x60c/0xa80\n [<ffffffffba11b4c5>] dst_alloc+0x55/0x250\n [<ffffffffba227bf6>] rt_dst_alloc+0x46/0x1d0\n [<ffffffffba23050a>] __mkroute_output+0x29a/0xa50\n [<ffffffffba23456b>] ip_route_output_key_hash+0x10b/0x240\n [<ffffffffba2346bd>] ip_route_output_flow+0x1d/0x90\n [<ffffffffba254855>] inet_csk_route_req+0x2c5/0x500\n [<ffffffffba26b331>] tcp_conn_request+0x691/0x12c0\n [<ffffffffba27bd08>] tcp_rcv_state_process+0x3c8/0x11b0\n [<ffffffffba2965c6>] tcp_v4_do_rcv+0x156/0x3b0\n [<ffffffffba299c98>] tcp_v4_rcv+0x1cf8/0x1d80\n [<ffffffffba239656>] ip_protocol_deliver_rcu+0xf6/0x360\n [<ffffffffba2399a6>] ip_local_deliver_finish+0xe6/0x1e0\n [<ffffffffba239b8e>] ip_local_deliver+0xee/0x360\n [<ffffffffba239ead>] ip_rcv+0xad/0x2f0\n [<ffffffffba110943>] __netif_receive_skb_one_core+0x123/0x140\n\nCall dst_release() to free the dst memory when\ninet_csk_reqsk_queue_hash_add() return false in tcp_conn_request()."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.176", "versionStartIncluding": "5.15.162"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.124", "versionStartIncluding": "6.1.97"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.70", "versionStartIncluding": "6.6.37"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.12.9", "versionStartIncluding": "6.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.13", "versionStartIncluding": "6.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "6.9.8"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T13:01:26.346Z"}}}, "cveMetadata": {"cveId": "CVE-2024-57841", "state": "PUBLISHED", "dateUpdated": "2025-10-01T19:57:18.572Z", "dateReserved": "2025-01-15T13:08:59.716Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2025-01-15T13:10:26.842Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "88DBFD98-7785-4A6A-AA7F-8C2715361050", "versionEndExcluding": "5.15.176", "versionStartIncluding": "5.15.162", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7305E5A6-B62F-45D3-AA4A-0E2F640E6E09", "versionEndExcluding": "6.1.124", "versionStartIncluding": "6.1.97", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "79218475-6B07-4205-9FAA-0AFB7784D237", "versionEndExcluding": "6.6.70", "versionStartIncluding": "6.6.37", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0A6EA8F-92C6-43F5-808B-8C50A4D7AB9D", "versionEndExcluding": "6.12.9", "versionStartIncluding": "6.9.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*", "matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix memory leak in tcp_conn_request()\n\nIf inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will\nreturn without free the dst memory, which allocated in af_ops->route_req.\n\nHere is the kmemleak stack:\n\nunreferenced object 0xffff8881198631c0 (size 240):\n comm \"softirq\", pid 0, jiffies 4299266571 (age 1802.392s)\n hex dump (first 32 bytes):\n 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................\n 81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00 .U..............\n backtrace:\n [<ffffffffb93e8d4c>] kmem_cache_alloc+0x60c/0xa80\n [<ffffffffba11b4c5>] dst_alloc+0x55/0x250\n [<ffffffffba227bf6>] rt_dst_alloc+0x46/0x1d0\n [<ffffffffba23050a>] __mkroute_output+0x29a/0xa50\n [<ffffffffba23456b>] ip_route_output_key_hash+0x10b/0x240\n [<ffffffffba2346bd>] ip_route_output_flow+0x1d/0x90\n [<ffffffffba254855>] inet_csk_route_req+0x2c5/0x500\n [<ffffffffba26b331>] tcp_conn_request+0x691/0x12c0\n [<ffffffffba27bd08>] tcp_rcv_state_process+0x3c8/0x11b0\n [<ffffffffba2965c6>] tcp_v4_do_rcv+0x156/0x3b0\n [<ffffffffba299c98>] tcp_v4_rcv+0x1cf8/0x1d80\n [<ffffffffba239656>] ip_protocol_deliver_rcu+0xf6/0x360\n [<ffffffffba2399a6>] ip_local_deliver_finish+0xe6/0x1e0\n [<ffffffffba239b8e>] ip_local_deliver+0xee/0x360\n [<ffffffffba239ead>] ip_rcv+0xad/0x2f0\n [<ffffffffba110943>] __netif_receive_skb_one_core+0x123/0x140\n\nCall dst_release() to free the dst memory when\ninet_csk_reqsk_queue_hash_add() return false in tcp_conn_request()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: se corrige p\u00e9rdida de memoria en tcp_conn_request() Si inet_csk_reqsk_queue_hash_add() devuelve falso, tcp_conn_request() devolver\u00e1 sin liberar la memoria dst, que se asign\u00f3 en af_ops-&gt;route_req. Aqu\u00ed est\u00e1 la pila de kmemleak: objeto sin referencia 0xffff8881198631c0 (tama\u00f1o 240): comm \"softirq\", pid 0, jiffies 4299266571 (edad 1802.392s) volcado hexadecimal (primeros 32 bytes): 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ff ................ 81 55 18 bb ff ff ff ff ff 00 00 00 00 00 00 00 00 .U.............. backtrace: [] kmem_cache_alloc+0x60c/0xa80 [] dst_alloc+0x55/0x250 [] rt_dst_alloc+0x46/0x1d0 [] __mkroute_output+0x29a/0xa50 [] ip_route_output_key_hash+0x10b/0x240 [] ip_route_output_flow+0x1d/0x90 [] inet_csk_route_req+0x2c5/0x500 [] tcp_conn_request+0x691/0x12c0 [] tcp_rcv_state_process+0x3c8/0x11b0 [] tcp_v4_do_rcv+0x156/0x3b0 [] tcp_v4_rcv+0x1cf8/0x1d80 [] ip_protocol_deliver_rcu+0xf6/0x360 [] ip_local_deliver_finish+0xe6/0x1e0 [] ip_local_deliver+0xee/0x360 [] ip_rcv+0xad/0x2f0 [] __netif_receive_skb_one_core+0x123/0x140 Llame a dst_release() para liberar la memoria dst cuando inet_csk_reqsk_queue_hash_add() devuelva falso en tcp_conn_request()."}], "id": "CVE-2024-57841", "lastModified": "2025-10-01T20:17:57.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-15T13:15:12.130", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2af69905180b3fea12f9c1db374b153a06977021"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4f4aa4aa28142d53f8b06585c478476cfe325cfc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9d38959677291552d1b0ed2689a540af279b5bf8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b0b190218c78d8aeecfba36ea3a90063b3ede52d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/de3f999bf8aee16e9da1c1224191abdc69e97c9d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: net: fix memory leak in tcp_conn_request()", "id": "2338203", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338203"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: fix memory leak in tcp_conn_request()\nIf inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will\nreturn without free the dst memory, which allocated in af_ops->route_req.\nHere is the kmemleak stack:\nunreferenced object 0xffff8881198631c0 (size 240):\ncomm \"softirq\", pid 0, jiffies 4299266571 (age 1802.392s)\nhex dump (first 32 bytes):\n00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................\n81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00 .U..............\nbacktrace:\n[<ffffffffb93e8d4c>] kmem_cache_alloc+0x60c/0xa80\n[<ffffffffba11b4c5>] dst_alloc+0x55/0x250\n[<ffffffffba227bf6>] rt_dst_alloc+0x46/0x1d0\n[<ffffffffba23050a>] __mkroute_output+0x29a/0xa50\n[<ffffffffba23456b>] ip_route_output_key_hash+0x10b/0x240\n[<ffffffffba2346bd>] ip_route_output_flow+0x1d/0x90\n[<ffffffffba254855>] inet_csk_route_req+0x2c5/0x500\n[<ffffffffba26b331>] tcp_conn_request+0x691/0x12c0\n[<ffffffffba27bd08>] tcp_rcv_state_process+0x3c8/0x11b0\n[<ffffffffba2965c6>] tcp_v4_do_rcv+0x156/0x3b0\n[<ffffffffba299c98>] tcp_v4_rcv+0x1cf8/0x1d80\n[<ffffffffba239656>] ip_protocol_deliver_rcu+0xf6/0x360\n[<ffffffffba2399a6>] ip_local_deliver_finish+0xe6/0x1e0\n[<ffffffffba239b8e>] ip_local_deliver+0xee/0x360\n[<ffffffffba239ead>] ip_rcv+0xad/0x2f0\n[<ffffffffba110943>] __netif_receive_skb_one_core+0x123/0x140\nCall dst_release() to free the dst memory when\ninet_csk_reqsk_queue_hash_add() return false in tcp_conn_request()."], "name": "CVE-2024-57841", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-57841\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57841\nhttps://lore.kernel.org/linux-cve-announce/2025011534-CVE-2024-57841-751f@gregkh/T"], "threat_severity": "Moderate"}