{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53236", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:25.026Z", "datePublished": "2024-12-27T13:50:22.320Z", "dateUpdated": "2025-05-04T09:56:41.282Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:56:41.282Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Free skb when TX metadata options are invalid\n\nWhen a new skb is allocated for transmitting an xsk descriptor, i.e., for\nevery non-multibuf descriptor or the first frag of a multibuf descriptor,\nbut the descriptor is later found to have invalid options set for the TX\nmetadata, the new skb is never freed. This can leak skbs until the send\nbuffer is full which makes sending more packets impossible.\n\nFix this by freeing the skb in the error path if we are currently dealing\nwith the first frag, i.e., an skb allocated in this iteration of\nxsk_build_skb."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/xdp/xsk.c"], "versions": [{"version": "48eb03dd26304c24f03bdbb9382e89c8564e71df", "lessThan": "7f0d0dd5a7f437d83cff954bc321f1a9b181efd5", "status": "affected", "versionType": "git"}, {"version": "48eb03dd26304c24f03bdbb9382e89c8564e71df", "lessThan": "d5d346deb65efa8453f8481bcea75c1a590439e7", "status": "affected", "versionType": "git"}, {"version": "48eb03dd26304c24f03bdbb9382e89c8564e71df", "lessThan": "0c0d0f42ffa6ac94cd79893b7ed419c15e1b45de", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/xdp/xsk.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.11", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.2", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.11.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.12.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7f0d0dd5a7f437d83cff954bc321f1a9b181efd5"}, {"url": "https://git.kernel.org/stable/c/d5d346deb65efa8453f8481bcea75c1a590439e7"}, {"url": "https://git.kernel.org/stable/c/0c0d0f42ffa6ac94cd79893b7ed419c15e1b45de"}], "title": "xsk: Free skb when TX metadata options are invalid", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF76D5FF-944B-4187-AE80-15327D64BB22", "versionEndExcluding": "6.11.11", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Free skb when TX metadata options are invalid\n\nWhen a new skb is allocated for transmitting an xsk descriptor, i.e., for\nevery non-multibuf descriptor or the first frag of a multibuf descriptor,\nbut the descriptor is later found to have invalid options set for the TX\nmetadata, the new skb is never freed. This can leak skbs until the send\nbuffer is full which makes sending more packets impossible.\n\nFix this by freeing the skb in the error path if we are currently dealing\nwith the first frag, i.e., an skb allocated in this iteration of\nxsk_build_skb."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xsk: liberar skb cuando las opciones de metadatos TX no son v\u00e1lidas Cuando se asigna un nuevo skb para transmitir un descriptor xsk, es decir, para cada descriptor que no sea multibuf o el primer fragmento de un descriptor multibuf, pero luego se descubre que el descriptor tiene opciones no v\u00e1lidas establecidas para los metadatos TX, el nuevo skb nunca se libera. Esto puede filtrar skbs hasta que el b\u00fafer de env\u00edo est\u00e9 lleno, lo que hace imposible enviar m\u00e1s paquetes. Solucione esto liberando el skb en la ruta de error si actualmente estamos tratando con el primer fragmento, es decir, un skb asignado en esta iteraci\u00f3n de xsk_build_skb."}], "id": "CVE-2024-53236", "lastModified": "2025-10-08T13:47:04.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-27T14:15:32.013", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0c0d0f42ffa6ac94cd79893b7ed419c15e1b45de"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f0d0dd5a7f437d83cff954bc321f1a9b181efd5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d5d346deb65efa8453f8481bcea75c1a590439e7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: xsk: Free skb when TX metadata options are invalid", "id": "2334395", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334395"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nxsk: Free skb when TX metadata options are invalid\nWhen a new skb is allocated for transmitting an xsk descriptor, i.e., for\nevery non-multibuf descriptor or the first frag of a multibuf descriptor,\nbut the descriptor is later found to have invalid options set for the TX\nmetadata, the new skb is never freed. This can leak skbs until the send\nbuffer is full which makes sending more packets impossible.\nFix this by freeing the skb in the error path if we are currently dealing\nwith the first frag, i.e., an skb allocated in this iteration of\nxsk_build_skb."], "name": "CVE-2024-53236", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53236\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53236\nhttps://lore.kernel.org/linux-cve-announce/2024122738-CVE-2024-53236-0ab4@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-12T16:01:26.356126+00:00", "updated": "2025-07-12T16:01:26.356192+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}