SB2024070207 - Memory leak in Linux kernel sched
Published: July 2, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024070207
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2024-35893)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/f190a4aa03cbd518bd9c62a66e1233984f5fd2ec
- https://git.kernel.org/stable/c/f356eb2fb567e0931143ac1769ac802d3b3e2077
- https://git.kernel.org/stable/c/5e45dc4408857305f4685abfd7a528a1e58b51b5
- https://git.kernel.org/stable/c/a097fc199ab5f4b5392c5144034c0d2148b55a14
- https://git.kernel.org/stable/c/55d3fe7b2b7bc354e7cbc1f7b8f98a29ccd5a366
- https://git.kernel.org/stable/c/729ad2ac2a2cdc9f4a4bdfd40bfd276e6bc33924
- https://git.kernel.org/stable/c/7bb2c7103d8c13b06a57bf997b8cdbe93cd7283c
- https://git.kernel.org/stable/c/d313eb8b77557a6d5855f42d2234bd592c7b50dd
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.5