PRIOn Logo

CVE-2024-43861 Spoofing

Routine
Remediate Within 6 Months

CVE Information

Original CVE data

Published:
Updated:

In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive.

CWE: CWE-401
CVSS v2-
CVSS v35.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662
https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4
https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5
https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f
https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446
https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384
https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882
https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202
Affected Vendors

Linux - (1)

Basic Analysis

Common vulnerability metrics

Vulnerabilty type as detected by PRIOnengine

Spoofing

CVSS Scores as calculated by PRIOnengine
CVSS v27.8
AV:N/AC:L/AU:N/C:N/I:N/A:C
CVSS v37.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MITRE CWE Top 25

-

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

-

Compliance Impact

How the submited vulnerability affects compliance

-

Web Application Security Frameworks

Applicable if the issue likely affects a web application

-