In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") and remaining callers converted (in commit 6bfef2ec0172 ("Merge branch 'net-page_pool-remove-page_pool_release_page'")). This leak became visible in v6.8 via commit dba1b8a7ab68 ("mm/page_pool: catch page_pool memory leaks").

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Rhel E4s
  • Rhel Eus

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.24.1.el9_4 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:4349 2024-07-08T00:00:00Z
kernel-0:5.14.0-427.24.1.el9_4 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:4349 2024-07-08T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
kernel-0:5.14.0-70.112.1.el9_0 cpe:/a:redhat:rhel_e4s:9.0 RHSA-2024:5257 2024-08-13T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.71.1.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:4108 2024-06-26T00:00:00Z
kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2 cpe:/a:redhat:rhel_eus:9.2::nfv RHSA-2024:4106 2024-06-26T00:00:00Z
References
Link Providers
http://www.openwall.com/lists/oss-security/2024/05/08/4 cve-icon cve-icon cve-icon
http://xenbits.xen.org/xsa/advisory-457.html cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/037965402a010898d34f4e35327d22c0a95cd51f cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/27aa3e4b3088426b7e34584274ad45b5afaf7629 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/4143b9479caa29bb2380f3620dcbe16ea84eb3b1 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/7c1250796b6c262b505a46192f4716b8c6a6a8c6 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/c8b7b2f158d9d4fb89cd2f68244af154f7549bb4 cve-icon cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024050835-CVE-2024-27393-b804@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-27393 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-27393 cve-icon
History

Tue, 13 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0
Vendors & Products Redhat rhel E4s
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-09T16:37:07.973Z

Updated: 2024-08-02T00:34:52.268Z

Reserved: 2024-02-25T13:47:42.677Z

Link: CVE-2024-27393

cve-icon Vulnrichment

Updated: 2024-08-02T00:34:52.268Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-14T15:12:26.993

Modified: 2024-06-10T17:16:23.223

Link: CVE-2024-27393

cve-icon Redhat

Severity : Low

Publid Date: 2024-05-08T00:00:00Z

Links: CVE-2024-27393 - Bugzilla