{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27418", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:47:42.683Z", "datePublished": "2024-05-17T11:51:11.270Z", "dateUpdated": "2025-05-04T09:04:43.806Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:04:43.806Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: take ownership of skb in mctp_local_output\n\nCurrently, mctp_local_output only takes ownership of skb on success, and\nwe may leak an skb if mctp_local_output fails in specific states; the\nskb ownership isn't transferred until the actual output routing occurs.\n\nInstead, make mctp_local_output free the skb on all error paths up to\nthe route action, so it always consumes the passed skb."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/mctp.h", "net/mctp/route.c"], "versions": [{"version": "833ef3b91de692ef33b800bca6b1569c39dece74", "lessThan": "a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd", "status": "affected", "versionType": "git"}, {"version": "833ef3b91de692ef33b800bca6b1569c39dece74", "lessThan": "cbebc55ceacef1fc0651e80e0103cc184552fc68", "status": "affected", "versionType": "git"}, {"version": "833ef3b91de692ef33b800bca6b1569c39dece74", "lessThan": "a639441c880ac479495e5ab37e3c29f21ae5771b", "status": "affected", "versionType": "git"}, {"version": "833ef3b91de692ef33b800bca6b1569c39dece74", "lessThan": "3773d65ae5154ed7df404b050fd7387a36ab5ef3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/mctp.h", "net/mctp/route.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.81", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.21", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.9", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.1.81"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.6.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.7.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd"}, {"url": "https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68"}, {"url": "https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b"}, {"url": "https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3"}], "title": "net: mctp: take ownership of skb in mctp_local_output", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.204Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27418", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:43:03.788972Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:24.616Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.204Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27418", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:43:03.788972Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:16.549Z"}}], "cna": {"title": "net: mctp: take ownership of skb in mctp_local_output", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "833ef3b91de692ef33b800bca6b1569c39dece74", "lessThan": "a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd", "versionType": "git"}, {"status": "affected", "version": "833ef3b91de692ef33b800bca6b1569c39dece74", "lessThan": "cbebc55ceacef1fc0651e80e0103cc184552fc68", "versionType": "git"}, {"status": "affected", "version": "833ef3b91de692ef33b800bca6b1569c39dece74", "lessThan": "a639441c880ac479495e5ab37e3c29f21ae5771b", "versionType": "git"}, {"status": "affected", "version": "833ef3b91de692ef33b800bca6b1569c39dece74", "lessThan": "3773d65ae5154ed7df404b050fd7387a36ab5ef3", "versionType": "git"}], "programFiles": ["include/net/mctp.h", "net/mctp/route.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15"}, {"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.81", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.21", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.9", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["include/net/mctp.h", "net/mctp/route.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd"}, {"url": "https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68"}, {"url": "https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b"}, {"url": "https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: take ownership of skb in mctp_local_output\n\nCurrently, mctp_local_output only takes ownership of skb on success, and\nwe may leak an skb if mctp_local_output fails in specific states; the\nskb ownership isn't transferred until the actual output routing occurs.\n\nInstead, make mctp_local_output free the skb on all error paths up to\nthe route action, so it always consumes the passed skb."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:54:44.938Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27418", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:54:44.938Z", "dateReserved": "2024-02-25T13:47:42.683Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T11:51:11.270Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ECB5026-799D-4601-AB4F-9B63FD8911E5", "versionEndExcluding": "6.1.81", "versionStartIncluding": "5.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B19074A2-9FE5-4E7D-9E2D-020F95013ADA", "versionEndExcluding": "6.6.21", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C538467-EDA0-4A9A-82EB-2925DE9FF827", "versionEndExcluding": "6.7.9", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*", "matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*", "matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: take ownership of skb in mctp_local_output\n\nCurrently, mctp_local_output only takes ownership of skb on success, and\nwe may leak an skb if mctp_local_output fails in specific states; the\nskb ownership isn't transferred until the actual output routing occurs.\n\nInstead, make mctp_local_output free the skb on all error paths up to\nthe route action, so it always consumes the passed skb."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: mctp: toma posesi\u00f3n de skb en mctp_local_output Actualmente, mctp_local_output solo toma propiedad de skb en caso de \u00e9xito, y podemos filtrar un fallo skb si mctp_local_output en estados espec\u00edficos; la propiedad del skb no se transfiere hasta que se produce el enrutamiento de salida real. En su lugar, haga que mctp_local_output libere el skb en todas las rutas de error hasta la acci\u00f3n de ruta, de modo que siempre consuma el skb pasado."}], "id": "CVE-2024-27418", "lastModified": "2025-09-26T16:22:11.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-17T12:15:13.520", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: mctp: take ownership of skb in mctp_local_output", "id": "2281095", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281095"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-131", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: mctp: take ownership of skb in mctp_local_output\nCurrently, mctp_local_output only takes ownership of skb on success, and\nwe may leak an skb if mctp_local_output fails in specific states; the\nskb ownership isn't transferred until the actual output routing occurs.\nInstead, make mctp_local_output free the skb on all error paths up to\nthe route action, so it always consumes the passed skb.", "A vulnerability was found in the Linux kernel's Management Component Transport Protocol (MCTP) networking subsystem. This issue occurs in `mctp_local_output`, where improper handling of the socket buffer (`skb`) could lead to security vulnerabilities."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27418", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27418\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27418\nhttps://lore.kernel.org/linux-cve-announce/2024051703-CVE-2024-27418-3cda@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}

{"created": "2025-07-13T21:07:03.725713+00:00", "updated": "2025-07-13T21:07:03.725774+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}