CVE-2024-50170: 
CBL Mariner vulnerability analysis and mitigation

CVE-2024-50170 is a memory leak vulnerability discovered in the Linux kernel's bcmasp network driver. The vulnerability was identified in the bcmasp_xmit() function, which returns NETDEV_TX_OK without freeing skb in case of mapping failures. The issue affects Linux kernel versions from 6.6 up to 6.6.59, from 6.7 up to 6.11.6, and specific release candidates of version 6.12 (NVD).

The vulnerability exists in the bcmasp_xmit() function within the Linux kernel's Broadcom ASP2.0 Ethernet controller driver. The function fails to properly free memory resources when mapping operations fail, leading to a potential memory leak. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on system availability (NVD).

The vulnerability can result in memory leaks in the Linux kernel when the bcmasp network driver is processing network packets. This could potentially lead to system resource exhaustion over time, affecting system availability (NVD).

The vulnerability has been fixed by adding a dev_kfree_skb() call to properly free the skb in case of mapping failures. The fix has been implemented in the Linux kernel through a patch that addresses the memory leak in the bcmasp_xmit() function (Kernel Patch).