
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-56644 is a vulnerability in the Linux kernel's IPv6 networking stack, discovered and disclosed on December 27, 2024. The issue affects the ip6_negative_advice() function when it handles expired IPv6 routes in the route exception table. The result is a memory leak in the kernel's networking subsystem (NVD).
The vulnerability is triggered when three conditions coincide in the IPv6 stack: an ICMPv6 packet signalling a path MTU change creates an exception dst, a TCP connection using that dst begins timing out, and the FIB6 garbage collector has not yet run when TCP calls ip6_negative_advice() for the now-expired exception dst. At that point the dst object's reference count becomes unbalanced: the dst_hold() in ip6_negative_advice() cancels out the dst_release() performed by sk_dst_reset(), so one reference is never dropped and the dst is leaked (Kernel Commit).
The primary impact is a kernel memory leak, which can lead to resource exhaustion over time. On systems without the patch e5f80fcf869a ("ipv6: give an IPv6 dev to blackhole_netdev"), the leak also shows up as an unbalanced refcount on the loopback device of a net namespace being destroyed, producing messages such as "unregister_netdevice: waiting for lo to become free. Usage count = 2" (Kernel Commit).
The vulnerability has been fixed by removing the dst_hold() call from ip6_negative_advice(). The fix has been incorporated into various Linux kernel versions and distributions, including Debian 11 (bullseye) in version 6.1.6.1.128-1~deb11u1 (Debian Update). Users should update their kernel to a patched version.
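The following is an added, constructed C model of the reference-count accounting described above; it is not kernel code and not part of this report. The struct names, the simulate() driver and the step ordering (exception table holds one reference, a TCP socket caches the dst, the exception expires, negative advice runs before the garbage collector, then the collector drops the table's reference) are assumptions chosen to mirror the sequence in the text. It shows why an extra dst_hold() paired with the dst_release() inside sk_dst_reset() leaves a reference that nothing ever drops, and why removing the hold lets the object reach zero and be freed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed, simplified stand-in for a kernel dst entry: just a
 * reference count plus flags so the model can report what happened. */
struct dst_model {
    int  refcount;
    bool freed;
    bool expired;
};

/* Constructed stand-in for a socket that caches a dst. */
struct sock_model {
    struct dst_model *dst;
};

static void dst_hold(struct dst_model *d)
{
    d->refcount++;
}

/* Dropping the last reference frees the object; dropping below zero
 * would be a use-after-free, which the model flags as an error. */
static int dst_release(struct dst_model *d)
{
    if (d->refcount <= 0)
        return -1;                 /* underflow: over-release */
    if (--d->refcount == 0)
        d->freed = true;
    return 0;
}

/* The socket takes its own reference when it caches a dst. */
static void sk_dst_set(struct sock_model *sk, struct dst_model *d)
{
    dst_hold(d);
    sk->dst = d;
}

/* sk_dst_reset() drops the socket's cached reference. */
static void sk_dst_reset(struct sock_model *sk)
{
    if (sk->dst) {
        dst_release(sk->dst);
        sk->dst = NULL;
    }
}

/* Pre-fix behaviour as the report describes it: an extra dst_hold()
 * before sk_dst_reset(), so the release inside sk_dst_reset() only
 * cancels the hold and the socket's original reference survives. */
static void ip6_negative_advice_buggy(struct sock_model *sk)
{
    struct dst_model *d = sk->dst;
    if (d && d->expired) {
        dst_hold(d);            /* the unbalanced hold */
        sk_dst_reset(sk);
    }
}

/* Fixed behaviour: the hold is gone, so the socket's reference is
 * genuinely dropped. */
static void ip6_negative_advice_fixed(struct sock_model *sk)
{
    struct dst_model *d = sk->dst;
    if (d && d->expired)
        sk_dst_reset(sk);
}

/* Replays the sequence from the report and returns the final refcount:
 * 0 means the dst was freed, anything above 0 is a leaked reference. */
static int simulate(bool fixed)
{
    struct dst_model d = { .refcount = 1, .freed = false, .expired = false }; /* exception table's ref */
    struct sock_model sk = { .dst = NULL };

    sk_dst_set(&sk, &d);        /* TCP caches the exception dst: refcount 2 */
    d.expired = true;           /* PMTU exception expires; GC has not run yet */
    if (fixed)
        ip6_negative_advice_fixed(&sk);
    else
        ip6_negative_advice_buggy(&sk);
    dst_release(&d);            /* GC finally removes the exception table entry */
    return d.refcount;
}

int main(void)
{
    printf("buggy path final refcount: %d (leaked if > 0)\n", simulate(false));
    printf("fixed path final refcount: %d (freed if 0)\n", simulate(true));
    return 0;
}
```

The model deliberately keeps every hold and release visible so the two paths can be compared line by line: the buggy path ends with the refcount at 1 and the object never freed, the fixed path ends at 0. The same technique, counting holds against releases along each control-flow path, is how this class of leak is reviewed in real code.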
Source: This report was generated using AI