CVE-2024-26669

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak vulnerability has been identified in the Linux kernel, specifically in the net/sched: flower module. This issue arises when a qdisc is deleted from a net device, and the stack fails to properly remove the flow offload callback from the associated filter block. As a result, the underlying driver never receives a 'FLOW CLS TMPLT DESTROY' command, leading to a memory leak. The vulnerability can be reproduced using specific commands, such as 'tc qdisc add dev swp1 clsact', 'tc chain add dev swp1 ingress proto ip chain 1 flower dst ip 0.0.0.0/32', and 'tc qdisc del dev'. The issue is caused by a commit that reordered the tcf block offload unbind() function before tcf block flush all chains() in tcf block put(), which cannot be reversed due to the expected order of operations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.