CVE-2024-27390

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()

As discussed in the past (commit 2d3916f31891 ("ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()")) I think the synchronize_net() call in ipv6_mc_down() is not needed.

Under load, synchronize_net() can last between 200 usec and 5 ms.

KASAN seems to agree as well.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf185de28d9ae6c978135993769352e523ee8df06 < 9d159d6637ccce25f879d662a480541ef4ba3a50affected
LinuxLinuxf185de28d9ae6c978135993769352e523ee8df06 < a03ede2282ebbd181bd6f5c38cbfcb5765afcd04affected
LinuxLinuxf185de28d9ae6c978135993769352e523ee8df06 < 26d4bac55750d535f1f0b8790dc26daf6089e373affected
LinuxLinuxf185de28d9ae6c978135993769352e523ee8df06 < 7eb06ee5921189812e6b4bfe7b0f1e878be16df7affected
LinuxLinuxf185de28d9ae6c978135993769352e523ee8df06 < 5da9a218340a2bc804dc4327e5804392e24a0b88affected
LinuxLinuxf185de28d9ae6c978135993769352e523ee8df06 < 17ef8efc00b34918b966388b2af0993811895a8caffected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.153 <= 5.15.*unaffected
LinuxLinux6.1.83 <= 6.1.*unaffected
LinuxLinux6.6.23 <= 6.6.*unaffected
LinuxLinux6.7.11 <= 6.7.*unaffected
LinuxLinux6.8.2 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References