In the Linux kernel, the following vulnerability has been resolved:

netrom: Fix a memory leak in nr_heartbeat_expiry()

syzbot reported a memory leak in nr_create() [0].

Commit 409db27e3a2e ("netrom: Fix use-after-free of a listening socket.")
added sock_hold() to the nr_heartbeat_expiry() function, where
a) a socket has a SOCK_DESTROY flag or
b) a listening socket has a SOCK_DEAD flag.

But in the case "a," when the SOCK_DESTROY flag is set, the file descriptor
has already been closed and the nr_release() function has been called.
So it makes no sense to hold the reference count because no one will
call another nr_destroy_socket() and put it as in the case "b."

nr_connect
nr_establish_data_link
nr_start_heartbeat

nr_release
switch (nr->state)
case NR_STATE_3
nr->state = NR_STATE_2
sock_set_flag(sk, SOCK_DESTROY);

nr_rx_frame
nr_process_rx_frame
switch (nr->state)
case NR_STATE_2
nr_state2_machine()
nr_disconnect()
nr_sk(sk)->state = NR_STATE_0
sock_set_flag(sk, SOCK_DEAD)

nr_heartbeat_expiry
switch (nr->state)
case NR_STATE_0
if (sock_flag(sk, SOCK_DESTROY) ||
(sk->sk_state == TCP_LISTEN
&& sock_flag(sk, SOCK_DEAD)))
sock_hold() // ( !!! )
nr_destroy_socket()

To fix the memory leak, let's call sock_hold() only for a listening socket.

Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with Syzkaller.

[0]: https://syzkaller.appspot.com/bug?extid=d327a1f3b12e1e206c16

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0002.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4008-1 linux-6.1 security update
Debian DSA Debian DSA DSA-5730-1 linux security update
Debian DSA Debian DSA DSA-5731-1 linux security update
Ubuntu USN Ubuntu USN USN-6999-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6999-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7003-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7003-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7003-3 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7003-4 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7003-5 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7004-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7005-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7005-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7006-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7007-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7007-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7007-3 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7008-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7009-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7009-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7019-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7029-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7853-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7853-2 Linux kernel (FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-7854-1 Linux kernel (KVM) vulnerabilities
Ubuntu USN Ubuntu USN USN-7853-3 Linux kernel (Azure) vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/0b9130247f3b6a1122478471ff0e014ea96bb735 cve-icon cve-icon
https://git.kernel.org/stable/c/280cf1173726a7059b628c610c71050d5c0b6937 cve-icon cve-icon
https://git.kernel.org/stable/c/5391f9db2cab5ef1cb411be1ab7dbec728078fba cve-icon cve-icon
https://git.kernel.org/stable/c/a02fd5d775cf9787ee7698c797e20f2fa13d2e2b cve-icon cve-icon
https://git.kernel.org/stable/c/b6ebe4fed73eedeb73f4540f8edc4871945474c8 cve-icon cve-icon
https://git.kernel.org/stable/c/d377f5a28332954b19e373d36823e59830ab1712 cve-icon cve-icon
https://git.kernel.org/stable/c/d616876256b38ecf9a1a1c7d674192c5346bc69c cve-icon cve-icon
https://git.kernel.org/stable/c/e07a9c2a850cdebf625e7a1b8171bd23a8554313 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024071244-CVE-2024-41006-d24b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-41006 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-41006 cve-icon
History

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 21 Aug 2024 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Wed, 14 Aug 2024 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-404
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

 cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-11-03T21:59:10.100Z

Reserved: 2024-07-12T12:17:45.610Z

Link: CVE-2024-41006

cve-icon Vulnrichment

Updated: 2024-08-02T04:39:56.157Z

cve-icon NVD

Status : Modified

Published: 2024-07-12T13:15:21.370

Modified: 2025-11-03T22:17:22.560

Link: CVE-2024-41006

cve-icon Redhat

Severity : Low

Publid Date: 2024-07-12T00:00:00Z

Links: CVE-2024-41006 - Bugzilla

cve-icon OpenCVE Enrichment

No data.