VYPR
Unrated severityNVD Advisory· Published May 17, 2024· Updated May 4, 2025

net: mctp: take ownership of skb in mctp_local_output

CVE-2024-27418

Description

In the Linux kernel, the following vulnerability has been resolved:

net: mctp: take ownership of skb in mctp_local_output

Currently, mctp_local_output only takes ownership of skb on success, and we may leak an skb if mctp_local_output fails in specific states; the skb ownership isn't transferred until the actual output routing occurs.

Instead, make mctp_local_output free the skb on all error paths up to the route action, so it always consumes the passed skb.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

49

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.