In the Linux kernel, the following vulnerability has been resolved:

net: mctp: take ownership of skb in mctp_local_output

Currently, mctp_local_output only takes ownership of skb on success, and
we may leak an skb if mctp_local_output fails in specific states; the
skb ownership isn't transferred until the actual output routing occurs.

Instead, make mctp_local_output free the skb on all error paths up to
the route action, so it always consumes the passed skb.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 26 Sep 2025 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*

Wed, 06 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Sep 2024 10:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-131

Thu, 12 Sep 2024 08:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-05-04T09:04:43.806Z

Reserved: 2024-02-25T13:47:42.683Z

Link: CVE-2024-27418

cve-icon Vulnrichment

Updated: 2024-08-02T00:34:52.204Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-17T12:15:13.520

Modified: 2025-09-26T16:22:11.540

Link: CVE-2024-27418

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-27418 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T21:07:03Z