{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-57841", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-01-15T13:08:59.716Z", "datePublished": "2025-01-15T13:10:26.842Z", "dateUpdated": "2025-01-15T13:10:26.842Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-15T13:10:26.842Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix memory leak in tcp_conn_request()\n\nIf inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will\nreturn without free the dst memory, which allocated in af_ops->route_req.\n\nHere is the kmemleak stack:\n\nunreferenced object 0xffff8881198631c0 (size 240):\n comm \"softirq\", pid 0, jiffies 4299266571 (age 1802.392s)\n hex dump (first 32 bytes):\n 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................\n 81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00 .U..............\n backtrace:\n [<ffffffffb93e8d4c>] kmem_cache_alloc+0x60c/0xa80\n [<ffffffffba11b4c5>] dst_alloc+0x55/0x250\n [<ffffffffba227bf6>] rt_dst_alloc+0x46/0x1d0\n [<ffffffffba23050a>] __mkroute_output+0x29a/0xa50\n [<ffffffffba23456b>] ip_route_output_key_hash+0x10b/0x240\n [<ffffffffba2346bd>] ip_route_output_flow+0x1d/0x90\n [<ffffffffba254855>] inet_csk_route_req+0x2c5/0x500\n [<ffffffffba26b331>] tcp_conn_request+0x691/0x12c0\n [<ffffffffba27bd08>] tcp_rcv_state_process+0x3c8/0x11b0\n [<ffffffffba2965c6>] tcp_v4_do_rcv+0x156/0x3b0\n [<ffffffffba299c98>] tcp_v4_rcv+0x1cf8/0x1d80\n [<ffffffffba239656>] ip_protocol_deliver_rcu+0xf6/0x360\n [<ffffffffba2399a6>] ip_local_deliver_finish+0xe6/0x1e0\n [<ffffffffba239b8e>] ip_local_deliver+0xee/0x360\n [<ffffffffba239ead>] ip_rcv+0xad/0x2f0\n [<ffffffffba110943>] __netif_receive_skb_one_core+0x123/0x140\n\nCall dst_release() to free the dst memory when\ninet_csk_reqsk_queue_hash_add() return false in tcp_conn_request()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/tcp_input.c"], "versions": [{"version": "527bec1f56ac7a2fceb8eb77eb0fc2678ecba394", "lessThan": "9d38959677291552d1b0ed2689a540af279b5bf8", "status": "affected", "versionType": "git"}, {"version": "c14f3c3793f7a785763e353df7fc40426187f832", "lessThan": "de3f999bf8aee16e9da1c1224191abdc69e97c9d", "status": "affected", "versionType": "git"}, {"version": "fdae4d139f4778b20a40c60705c53f5f146459b5", "lessThan": "2af69905180b3fea12f9c1db374b153a06977021", "status": "affected", "versionType": "git"}, {"version": "ff46e3b4421923937b7f6e44ffcd3549a074f321", "lessThan": "b0b190218c78d8aeecfba36ea3a90063b3ede52d", "status": "affected", "versionType": "git"}, {"version": "ff46e3b4421923937b7f6e44ffcd3549a074f321", "lessThan": "4f4aa4aa28142d53f8b06585c478476cfe325cfc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/tcp_input.c"], "versions": [{"version": "6.10", "status": "affected"}, {"version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.176", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.124", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.70", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.9", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13-rc6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/9d38959677291552d1b0ed2689a540af279b5bf8"}, {"url": "https://git.kernel.org/stable/c/de3f999bf8aee16e9da1c1224191abdc69e97c9d"}, {"url": "https://git.kernel.org/stable/c/2af69905180b3fea12f9c1db374b153a06977021"}, {"url": "https://git.kernel.org/stable/c/b0b190218c78d8aeecfba36ea3a90063b3ede52d"}, {"url": "https://git.kernel.org/stable/c/4f4aa4aa28142d53f8b06585c478476cfe325cfc"}], "title": "net: fix memory leak in tcp_conn_request()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix memory leak in tcp_conn_request()\n\nIf inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will\nreturn without free the dst memory, which allocated in af_ops->route_req.\n\nHere is the kmemleak stack:\n\nunreferenced object 0xffff8881198631c0 (size 240):\n comm \"softirq\", pid 0, jiffies 4299266571 (age 1802.392s)\n hex dump (first 32 bytes):\n 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................\n 81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00 .U..............\n backtrace:\n [<ffffffffb93e8d4c>] kmem_cache_alloc+0x60c/0xa80\n [<ffffffffba11b4c5>] dst_alloc+0x55/0x250\n [<ffffffffba227bf6>] rt_dst_alloc+0x46/0x1d0\n [<ffffffffba23050a>] __mkroute_output+0x29a/0xa50\n [<ffffffffba23456b>] ip_route_output_key_hash+0x10b/0x240\n [<ffffffffba2346bd>] ip_route_output_flow+0x1d/0x90\n [<ffffffffba254855>] inet_csk_route_req+0x2c5/0x500\n [<ffffffffba26b331>] tcp_conn_request+0x691/0x12c0\n [<ffffffffba27bd08>] tcp_rcv_state_process+0x3c8/0x11b0\n [<ffffffffba2965c6>] tcp_v4_do_rcv+0x156/0x3b0\n [<ffffffffba299c98>] tcp_v4_rcv+0x1cf8/0x1d80\n [<ffffffffba239656>] ip_protocol_deliver_rcu+0xf6/0x360\n [<ffffffffba2399a6>] ip_local_deliver_finish+0xe6/0x1e0\n [<ffffffffba239b8e>] ip_local_deliver+0xee/0x360\n [<ffffffffba239ead>] ip_rcv+0xad/0x2f0\n [<ffffffffba110943>] __netif_receive_skb_one_core+0x123/0x140\n\nCall dst_release() to free the dst memory when\ninet_csk_reqsk_queue_hash_add() return false in tcp_conn_request()."}], "id": "CVE-2024-57841", "lastModified": "2025-01-15T13:15:12.130", "metrics": {}, "published": "2025-01-15T13:15:12.130", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2af69905180b3fea12f9c1db374b153a06977021"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4f4aa4aa28142d53f8b06585c478476cfe325cfc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9d38959677291552d1b0ed2689a540af279b5bf8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b0b190218c78d8aeecfba36ea3a90063b3ede52d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/de3f999bf8aee16e9da1c1224191abdc69e97c9d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}