SB2024071313 - Memory leak in Linux kernel netrom
Published: July 13, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024071313
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2024-41006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/d616876256b38ecf9a1a1c7d674192c5346bc69c
- https://git.kernel.org/stable/c/e07a9c2a850cdebf625e7a1b8171bd23a8554313
- https://git.kernel.org/stable/c/5391f9db2cab5ef1cb411be1ab7dbec728078fba
- https://git.kernel.org/stable/c/280cf1173726a7059b628c610c71050d5c0b6937
- https://git.kernel.org/stable/c/a02fd5d775cf9787ee7698c797e20f2fa13d2e2b
- https://git.kernel.org/stable/c/b6ebe4fed73eedeb73f4540f8edc4871945474c8
- https://git.kernel.org/stable/c/d377f5a28332954b19e373d36823e59830ab1712
- https://git.kernel.org/stable/c/0b9130247f3b6a1122478471ff0e014ea96bb735
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.96
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.36