CVE-2024-39489: Linux kernel enhance memory management on IPv6 feature (11 July 2024)

Preface: The Linux kernel implements most of its IPv6 parts from USAGI. USAGI project was founded to improve and develop Linux IPv6 stack. The integrated USAGI version/release is unknown. Implemented into the kernel are the core functions of USAGI; the “standard” user-level programs provide basic IPv6 functionality.

Background: IPv6 converting to using crypto_pool has the following advantages.

– now SR uses asynchronous API which may potentially free CPU cycles and improve performance for of CPU crypto algorithm providers;

– hash descriptors now don’t have to be allocated on boot, but only at the moment SR starts using HMAC and until the last HMAC secret is deleted;

– potentially reuse ahash_request(s) for different users

– allocate only one per-CPU scratch buffer rather than a new one for

  each user

– have a common API for net/ users that need ahash on RX/TX fast path

Vulnerability details: In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it’s going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory when allocated, so we can reuse the code directly.

Official announcement: For detail, please refer to link – https://nvd.nist.gov/vuln/detail/CVE-2024-39489

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.