CVE-2024-27390

ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() As discussed in the past (commit 2d3916f31891 ("ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()")) I think the synchronize_net() call in ipv6_mc_down() is not needed. Under load, synchronize_net() can last between 200 usec and 5 ms. KASAN seems to agree as well.

N/A
CVSS
Severity:
EPSS 0.14%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/9d159d6637ccce25f879d662a480541ef4ba3a50
https://git.kernel.org/stable/c/a03ede2282ebbd181bd6f5c38cbfcb5765afcd04
https://git.kernel.org/stable/c/26d4bac55750d535f1f0b8790dc26daf6089e373
https://git.kernel.org/stable/c/7eb06ee5921189812e6b4bfe7b0f1e878be16df7
https://git.kernel.org/stable/c/5da9a218340a2bc804dc4327e5804392e24a0b88
https://git.kernel.org/stable/c/17ef8efc00b34918b966388b2af0993811895a8c

Frequently Asked Questions

What is the severity of CVE-2024-27390?
CVE-2024-27390 has not yet been assigned a CVSS score.
How to fix CVE-2024-27390?
To fix CVE-2024-27390, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27390 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27390 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27390?
CVE-2024-27390 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.