CVE-2024-27393

MEDIUM

Linux Kernel 5.9-5.14, 5.16-6.1.84, 6.2-6.6.25, 6.7-6.8.4 - Use-After-Free in xen-netfront

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") and remaining callers converted (in commit 6bfef2ec0172 ("Merge branch 'net-page_pool-remove-page_pool_release_page'")). This leak became visible in v6.8 via commit dba1b8a7ab68 ("mm/page_pool: catch page_pool memory leaks").

References (7)

Core 7

Scores

CVSS v3 5.5
EPSS 0.0025
EPSS Percentile 16.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-401
Status published
Products (18)
linux/Kernel 5.16.0 - 6.1.85linux
linux/Kernel 5.9.0 - 5.15.154linux
linux/Kernel 6.2.0 - 6.6.26linux
linux/Kernel 6.7.0 - 6.8.5linux
Linux/Linux < 5.9
Linux/Linux 5.15.154 - 5.15.*
Linux/Linux 5.9
Linux/Linux 6.1.85 - 6.1.*
Linux/Linux 6.6.26 - 6.6.*
Linux/Linux 6.8.5 - 6.8.*
... and 8 more
Published May 14, 2024
Tracked Since Feb 18, 2026