
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2024-56644 is a vulnerability in the Linux kernel's IPv6 networking stack, published on December 27, 2024. The issue is in ip6_negative_advice(), the routine TCP invokes to discard a cached route that has stopped working, when that route is an expired entry from the IPv6 exception table. The result is a memory leak of dst objects in the kernel's networking subsystem (NVD).
The leak requires three conditions in sequence: an ICMPv6 Packet Too Big message reporting a path MTU change causes an exception dst (a per-destination cached route) to be created; a TCP connection that routes through that dst starts timing out and retransmitting; and the FIB6 garbage collector has not yet run when TCP calls ip6_negative_advice() for the now-expired exception dst. On that path ip6_negative_advice() calls dst_hold() on the dst, intended to counteract the dst_release() performed by sk_dst_reset(). The exception table and the socket each release the reference they own, but the extra hold is never dropped, so the refcount never reaches zero and the dst is orphaned (Kernel Commit).
The primary impact is a kernel memory leak, which exhausts memory over time on a host that keeps hitting the path. On kernels that lack commit e5f80fcf869a ("ipv6: give an IPv6 dev to blackhole_netdev"), the leaked dst also pins the loopback device of a net namespace being torn down, so the bug shows up as an unbalanced device refcount and messages such as "unregister_netdevice: waiting for lo to become free. Usage count = 2" in the kernel log (Kernel Commit). That message on a host that creates and destroys network namespaces (containers, test harnesses) is the practical indicator to look for.
The fix removes the dst_hold() call from ip6_negative_advice(), leaving each holder to release exactly the reference it owns. It has been backported to stable kernels and distribution packages, including Debian 11 (bullseye) in version 6.1.6.1.128-1~deb11u1 (Debian Update). Update to a patched kernel.
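The following is an added illustration, not code from the kernel or from this database: a toy model of the reference accounting described above. The function names mirror the kernel helpers the commit message refers to (dst_hold, dst_release, sk_dst_reset, rt6_remove_exception_rt, ip6_negative_advice), but each body is reduced to the refcount bookkeeping that matters for the leak; the single-slot exception bucket, the starting refcount of two (one reference for the table, one for the socket), and the call order inside the fixed variant are this model's assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model of a refcounted dst entry. Assumption: only refcount, expiry and
 * a "freed" flag are tracked; the real struct dst_entry carries far more. */
struct dst {
    int refcnt;     /* references currently held on this dst */
    bool expired;   /* exception entry is past its expiry */
    bool freed;     /* set when the last reference is dropped */
};

struct sock {
    struct dst *sk_dst_cache;     /* route cached in the socket */
};

struct exception_bucket {
    struct dst *entry;            /* one-slot stand-in for the FIB6 exception table */
};

static void dst_hold(struct dst *d)
{
    d->refcnt++;
}

static void dst_release(struct dst *d)
{
    if (--d->refcnt == 0)
        d->freed = true;          /* last reference dropped: dst would be freed */
}

/* Drop the socket's cached route together with the reference it held. */
static void sk_dst_reset(struct sock *sk)
{
    struct dst *old = sk->sk_dst_cache;

    sk->sk_dst_cache = NULL;
    if (old)
        dst_release(old);
}

/* Unlink the expired exception from the table and drop the table's reference. */
static void rt6_remove_exception_rt(struct exception_bucket *b, struct dst *d)
{
    if (b->entry == d) {
        b->entry = NULL;
        dst_release(d);
    }
}

/* Before the fix: an extra dst_hold() meant to counteract sk_dst_reset(). */
static void ip6_negative_advice_buggy(struct sock *sk, struct exception_bucket *b)
{
    struct dst *d = sk->sk_dst_cache;

    if (!d || !d->expired)
        return;
    dst_hold(d);                   /* the call the fix removes */
    sk_dst_reset(sk);
    rt6_remove_exception_rt(b, d);
}

/* After the fix: each holder releases exactly the reference it owns. */
static void ip6_negative_advice_fixed(struct sock *sk, struct exception_bucket *b)
{
    struct dst *d = sk->sk_dst_cache;

    if (!d || !d->expired)
        return;
    rt6_remove_exception_rt(b, d);
    sk_dst_reset(sk);
}

/* Run one scenario: an expired exception dst referenced by both the table and
 * a socket (refcnt == 2), then negative advice from TCP. Returns the refcount
 * left afterwards: 0 means the dst was freed, anything else is a leak. */
int leftover_refs(bool buggy)
{
    struct dst d = { .refcnt = 2, .expired = true, .freed = false };
    struct sock sk = { .sk_dst_cache = &d };
    struct exception_bucket b = { .entry = &d };

    if (buggy)
        ip6_negative_advice_buggy(&sk, &b);
    else
        ip6_negative_advice_fixed(&sk, &b);
    return d.refcnt;
}

int main(void)
{
    printf("before fix: %d reference(s) left on the expired dst\n", leftover_refs(true));
    printf("after fix:  %d reference(s) left on the expired dst\n", leftover_refs(false));
    return 0;
}
```

The buggy variant ends with one reference that nobody owns, which is the orphaned dst the advisory describes; the fixed variant ends at zero and the dst is freed. The model deliberately omits the device reference the dst carries, so it does not reproduce the "waiting for lo to become free" symptom, only the dst-level imbalance that causes it.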
Source: This report was generated using AI