How severe is CVE-2024-39490?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2024-39490?

This is classified as CWE-401, which is a common weakness in software security.

CVE-2024-39490

MEDIUM Year: 2024

CVSS v3 Score

6.2

Medium

Weakness Type

CWE-401

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missing sk_buff release in seg6_input_core The seg6_input() function is responsible for adding the SRH into a packet, delegating the operation to the seg6_input_core(). This function uses the skb_cow_head() to ensure that there is sufficient headroom in the sk_buff for accommodating the link-layer header. In the event that the skb_cow_header() function fails, the seg6_input_core() catches the error but it does not release the sk_buff, which will result in a memory leak. This issue was introduced in commit af3b5158b89d ("ipv6: sr: fix BUG due to headroom too small after SRH push") and persists even after commit 7a3f5b0de364 ("netfilter: add netfilter hooks to SRv6 data plane"), where the entire seg6_input() code was refactored to deal with netfilter hooks. The proposed patch addresses the identified memory leak by requiring the seg6_input_core() function to release the sk_buff in the event that skb_cow_head() fails.

CVE-2021-30002

MEDIUM

CVSS:6.2(Medium)

An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338...

CWE-4012021

CVE-2024-3860

MEDIUM

CVSS:6.2(Medium)

An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125.

CWE-4012024

CVE-2023-52581

MEDIUM

CVSS:6.3(Medium)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switch t...

CWE-4012023

CVE-2022-25479

MEDIUM

CVSS:6.1(Medium)

Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leaka...

CWE-4012022

CVE-2016-10155

MEDIUM

CVSS:6.0(Medium)

Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large ...

CWE-4012016

CVE-2022-35894

MEDIUM

CVSS:6.0(Medium)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specifie...

CWE-4012022

CVE-2024-39490

Vulnerability Description

Related Vulnerabilities

CVE-2021-30002

CVE-2024-3860

CVE-2023-52581

CVE-2022-25479

CVE-2016-10155

CVE-2022-35894