CVE-2024-43861: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-43861 is a memory leak vulnerability discovered in the Linux kernel's USB QMI WWAN (Wireless Wide Area Network) driver. The vulnerability was identified in the handling of non-IP packets in the qmi_wwan driver, where memory allocated for network packets was not properly freed when non-IP packets were received (NVD).

The vulnerability stems from a missing memory deallocation in the qmi_wwan driver's packet handling code. Specifically, when non-IP packets arrive, the allocated socket buffer (skb) was not being freed, leading to a memory leak. The issue was introduced in the commit that added QMAP multiplexing protocol support. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access is required and the primary impact is on system availability (NVD).

The vulnerability results in a memory leak condition that could gradually consume system memory when non-IP packets are processed by the affected QMI WWAN driver. Over time, this could lead to degraded system performance or potential system instability due to memory exhaustion (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that properly frees the unused socket buffer when non-IP packets are received. The fix has been backported to multiple stable kernel versions including 5.4, 5.10, 5.15, and 6.1 series. Users should update their kernel to a patched version that includes the fix (Kernel Patch).