PT-2024-3622 · Linux+9 · Linux Kernel+9

Arthur Borsboom

Published

2024-03-28

Updated

2026-03-14

CVE-2024-27393

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to v6.8

Description: The issue is related to a memory leak in the Linux kernel due to a missing call to page pool release page() between versions v5.9 to v5.14. The leak became visible in version v6.8 via a commit that catches page pool memory leaks. The vulnerability is associated with the xen-netfront module and the skb mark for recycle() function. Exploitation of this issue could allow an attacker to cause a denial of service.

Recommendations: To resolve the issue, update the Linux kernel to version v6.8 or later. As a temporary workaround, consider restricting access to the xen-netfront module to minimize the risk of exploitation.

Exploit

Fix

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALSA-2024:4349

ALSA-2025_16880

BDU:2024-03939

CVE-2024-27393

INFSA-2024_4349

OESA-2024-1706

OESA-2024-1707

RHSA-2024:4106

RHSA-2024:4108

RHSA-2024:4349

RHSA-2024:5257

RHSA-2024_4349

RLSA-2024:4349

RXSA-2024:4349

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6898-1

USN-6898-2

USN-6898-3

USN-6898-4

USN-6917-1

USN-6919-1

USN-6927-1

USN-7019-1

Affected Products

Almalinux

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-3622 · Linux+9 · Linux Kernel+9

CVE-2024-27393

Weakness Enumeration

Related Identifiers

Affected Products

References · 3223