CVE-2024-39490: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-39490 affects the Linux kernel's IPv6 Segment Routing (SR) implementation. The vulnerability was discovered in July 2024 and involves a memory leak in the seg6inputcore() function. The issue occurs when the skbcowhead() function fails, as the seg6inputcore() function catches the error but fails to release the sk_buff, resulting in a memory leak (Kernel Git).

The vulnerability exists in the seg6input() function, which is responsible for adding the SRH (Segment Routing Header) into a packet by delegating the operation to seg6inputcore(). The function uses skbcowhead() to ensure sufficient headroom in the skbuff for accommodating the link-layer header. The issue was introduced in commit af3b5158b89d and persisted through commit 7a3f5b0de364, where the seg6_input() code was refactored to handle netfilter hooks. The CVSS v3.1 base score is 6.2 (Medium), with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability results in a memory leak when the skbcowheader() function fails. While this does not allow for arbitrary code execution, it can lead to resource exhaustion over time, potentially affecting system stability (Ubuntu Security).

The issue has been fixed by modifying the seg6inputcore() function to properly release the skbuff when skbcow_head() fails. The fix has been implemented in various Linux kernel versions, including Ubuntu 24.04 LTS (6.8.0-44.44), Ubuntu 22.04 LTS (5.15.0-121.131), and other distributions. Users are advised to update their systems to the patched kernel versions (Ubuntu Security).