Linux · Linux Kernel · CVE-2024-27393
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to v6.8
Description:
The issue is a memory leak in the Linux kernel caused by a missing call to `page_pool_release_page()` between versions v5.9 and v5.14. The leak became visible in version v6.8 via a commit that catches page pool memory leaks. The vulnerability is associated with the `xen-netfront` module and the `skb_mark_for_recycle()` function. Exploitation of this issue could allow an attacker to cause a denial of service.
Recommendations:
To resolve the issue, update the Linux kernel to version v6.8 or later.
As a temporary workaround, consider restricting access to the `xen-netfront` module to minimize the risk of exploitation.
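
To apply the two recommendations above across a fleet, the following added example (not part of the original advisory) classifies a host by kernel release and by whether the `xen-netfront` driver is present. The function names and status strings are hypothetical. It assumes the v6.8 threshold from this page applies to the upstream version reported by `uname -r`; distribution kernels may carry a backported fix, so a `review` result means the vendor advisory should be checked.

```shell
#!/bin/sh
# Added example: host triage for CVE-2024-27393. Function names are hypothetical.

# Return 0 if the release string is older than 6.8, 1 if not, 2 if unparsable.
# Fields are compared numerically so that 6.10 is not mistaken for "older than 6.8".
kernel_older_than_6_8() {
    release=$1
    case $release in *.*) ;; *) return 2 ;; esac
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%[!0-9]*}          # "15.0-91-generic" -> "15"
    case $major in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -lt 6 ] && return 0
    [ "$major" -eq 6 ] && [ "$minor" -lt 8 ] && return 0
    return 1
}

# Return 0 if the xen-netfront driver is present.
# $1: /proc/modules-style file (lists loadable modules only)
# $2: sysfs directory for the driver, checked as well for that reason
netfront_present() {
    modules_file=${1:-/proc/modules}
    sysfs_dir=${2:-/sys/module/xen_netfront}
    [ -d "$sysfs_dir" ] && return 0
    [ -r "$modules_file" ] && grep -q '^xen_netfront ' "$modules_file"
}

# Print: review | driver-absent | at-or-above-6.8 | unknown-version
triage() {
    rc=0
    kernel_older_than_6_8 "$1" || rc=$?
    case $rc in
        1) echo "at-or-above-6.8" ;;
        2) echo "unknown-version" ;;
        0) if netfront_present "$2" "$3"; then
               echo "review"
           else
               echo "driver-absent"
           fi ;;
    esac
}

# Classify the local host using the live kernel release and module list.
triage "$(uname -r)"
```

Hosts reported as `review` are the ones to prioritize for the kernel update; `driver-absent` hosts run an older kernel but do not have the affected driver present.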