CVE-2024-46855: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46855 is a vulnerability in the Linux kernel's netfilter component, specifically in the nft_socket functionality. The issue was discovered and disclosed on September 27, 2024, affecting various versions of the Linux kernel from 4.19.76 through 6.10.11. The vulnerability stems from a socket reference count leak in the netfilter subsystem (NVD).

The vulnerability is related to improper socket reference counting in the nft_socket module of the Linux kernel's netfilter subsystem. The issue occurs when the socket reference ('sk') is not properly released before returning from certain code paths. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (NVD).

The primary impact of this vulnerability is a potential memory leak in the kernel due to unreleased socket references. This could lead to resource exhaustion and potentially affect system availability. The CVSS scoring indicates that while there is no direct impact on confidentiality or integrity, there could be a high impact on system availability (NVD).

The vulnerability has been fixed in multiple Linux kernel versions. The fix involves properly releasing socket references before returning from the affected code paths. Patches have been released for various kernel versions including 5.15.0-127.137, 6.8.0-50.51, and other stable releases. The fix was implemented by adding proper socket reference cleanup using goto out_put_sk statements (Kernel Patch).