Unrated severityNVD Advisory· Published Dec 27, 2024· Updated May 4, 2025

xsk: Free skb when TX metadata options are invalid

CVE-2024-53236

Description

In the Linux kernel, the following vulnerability has been resolved:

When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a multibuf descriptor, but the descriptor is later found to have invalid options set for the TX metadata, the new skb is never freed. This can leak skbs until the send buffer is full which makes sending more packets impossible.

Fix this by freeing the skb in the error path if we are currently dealing with the first frag, i.e., an skb allocated in this iteration of xsk_build_skb.

Affected products

Linux/Linux Kernel Rtllm-fuzzy
osv-coords69 versions
pkg:deb/ubuntu/linux@6.11.0-18.18?arch=source&distro=oracular pkg:deb/ubuntu/linux-aws@6.11.0-1009.10?arch=source&distro=oracular pkg:deb/ubuntu/linux-azure@6.11.0-1009.9?arch=source&distro=oracular pkg:deb/ubuntu/linux-gcp@6.11.0-1009.9?arch=source&distro=oracular pkg:deb/ubuntu/linux-lowlatency@6.11.0-1010.11?arch=source&distro=oracular pkg:deb/ubuntu/linux-oracle@6.11.0-1011.12?arch=source&distro=oracular pkg:deb/ubuntu/linux-raspi@6.11.0-1008.8?arch=source&distro=oracular pkg:deb/ubuntu/linux-realtime@6.11.0-1005.5?arch=source&distro=oracular pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-coco_debug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_5&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_5&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_5&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_5&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-source-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-syms-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 6.11.0-18.18+ 68 more
- (no CPE)range: < 6.11.0-18.18
- (no CPE)range: < 6.11.0-1009.10
- (no CPE)range: < 6.11.0-1009.9
- (no CPE)range: < 6.11.0-1009.9
- (no CPE)range: < 6.11.0-1010.11
- (no CPE)range: < 6.11.0-1011.12
- (no CPE)range: < 6.11.0-1008.8
- (no CPE)range: < 6.11.0-1005.5
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1.150600.12.16.2
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-15061.12.coco15sp6.1
- (no CPE)range: < 6.4.0-15061.12.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.38.1.150600.12.16.2
- (no CPE)range: < 6.4.0-24.1.21.4
- (no CPE)range: < 6.4.0-24.1.21.4
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.2
- (no CPE)range: < 1-1.2
- (no CPE)range: < 1-150600.1.3.1
- (no CPE)range: < 1-150600.13.3.2
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-15061.12.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-15061.12.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.23.38.1
Linux/Linuxcpe-rescue
Range: 6.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000