PT-2024-5794 · Linux+6 · Linux Kernel+6

Sabrina Dubroca

·

Published

2024-05-21

·

Updated

2025-09-29

·

CVE-2024-39489

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a memory leak in the Linux kernel's ipv6 component, specifically in the seg6 hmac init algo function. This function returns without cleaning up previous allocations if one fails, leading to a memory leak and potential denial of service. The vulnerability can be exploited to cause a denial of service.
Recommendations Update the Linux kernel to a version that includes the fix for the memleak in seg6 hmac init algo. As a temporary workaround, consider disabling the seg6 hmac init algo function until a patch is available. Restrict access to the ipv6 component to minimize the risk of exploitation.

Exploit

Fix

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-10855
ALT-PU-2024-11524
ALT-PU-2024-13979
ALT-PU-2024-14046
ALT-PU-2024-17597
BDU:2024-06524
CVE-2024-39489
DSA-5730-1
OESA-2024-1860
OESA-2024-1861
OESA-2024-1862
OESA-2024-1863
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3189-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3251-1
SUSE-SU-2024:3252-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-6951-1
USN-6951-2
USN-6951-3
USN-6951-4
USN-6953-1
USN-6979-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7007-1
USN-7007-2
USN-7007-3
USN-7008-1
USN-7009-1
USN-7009-2
USN-7019-1
USN-7029-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu