Vulnerability DatabaseCVE-2024-27390
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-27390
May 01, 2024
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() As discussed in the past (commit 2d3916f31891 ("ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()")) I think the synchronize_net() call in ipv6_mc_down() is not needed. Under load, synchronize_net() can last between 200 usec and 5 ms. KASAN seems to agree as well.
Related ResourcesĀ (9)
https://git.kernel.org/stable/c/7eb06ee5921189812e6b4bfe7b0f1e878be16df7
https://git.kernel.org/stable/c/26d4bac55750d535f1f0b8790dc26daf6089e373
https://nvd.nist.gov/vuln/detail/CVE-2024-27390
https://git.kernel.org/stable/c/5da9a218340a2bc804dc4327e5804392e24a0b88
https://git.kernel.org/stable/c/a03ede2282ebbd181bd6f5c38cbfcb5765afcd04
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
https://git.kernel.org/stable/c/9d159d6637ccce25f879d662a480541ef4ba3a50
https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27390.json
https://git.kernel.org/stable/c/17ef8efc00b34918b966388b2af0993811895a8c
Do you need more information?
Contact Us
CVSS v4
Base Score:
4.8
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
EPSS
Base Score:
0.01