Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINVAL with an elevated "struct net" refcount.

INFO

Published Date :

2024-05-17T11:51:07.803Z

Last Modified :

2025-05-04T09:04:42.491Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-27417 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
  • Rhel Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-27417.

URL Resource
https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb cve-icon cve-icon
https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a cve-icon cve-icon
https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e cve-icon cve-icon
https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f cve-icon cve-icon
https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174 cve-icon cve-icon
https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906 cve-icon cve-icon
https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024051703-CVE-2024-27417-3841@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-27417 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-27417 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact