vulnerability
Ubuntu: (CVE-2024-27418): linux-raspi-realtime vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | May 17, 2024 | Feb 11, 2025 | Sep 29, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
May 17, 2024
Added
Feb 11, 2025
Modified
Sep 29, 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
net: mctp: take ownership of skb in mctp_local_output
Currently, mctp_local_output only takes ownership of skb on success, and
we may leak an skb if mctp_local_output fails in specific states; the
skb ownership isn't transferred until the actual output routing occurs.
Instead, make mctp_local_output free the skb on all error paths up to
the route action, so it always consumes the passed skb.
Solution
ubuntu-upgrade-linux-raspi-realtime
References
- CVE-2024-27418
- https://attackerkb.com/topics/CVE-2024-27418
- CWE-401
- URL-https://git.kernel.org/linus/3773d65ae5154ed7df404b050fd7387a36ab5ef3
- URL-https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3
- URL-https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd
- URL-https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b
- URL-https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68
- URL-https://www.cve.org/CVERecord?id=CVE-2024-27418
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.