Login Sign Up

CVE-2024-27388

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's SUNRPC subsystem within the gssx_dec_option_array function. When triggered, it causes the kernel to fail to free allocated memory in error-handling paths, potentially leading to resource exhaustion. This affects any system running vulnerable Linux kernel versions with SUNRPC functionality enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable kernel versions not explicitly stated in CVE description; check git commits for exact ranges
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SUNRPC subsystem to be enabled/used; many distributions enable this by default for NFS and other services.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or kernel panic.

🟠

Likely Case

Memory leak gradually consumes kernel resources, potentially leading to performance degradation or system instability over time.

🟢

If Mitigated

With proper resource limits and monitoring, impact is limited to potential performance issues rather than complete system failure.

🌐 Internet-Facing: LOW - Requires specific SUNRPC functionality and typically not directly exposed to internet without additional vulnerable services.
🏢 Internal Only: MEDIUM - Internal systems using SUNRPC/RPC services could be affected, potentially impacting NFS or other RPC-dependent services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific error conditions in gssx_dec_option_array; likely requires local access or ability to interact with SUNRPC services.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check specific kernel version from provided git commits: 3cfcfc102a5e57b021b786a755a38935e357797d and others

Vendor Advisory: https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable SUNRPC if not needed

linux

Disable SUNRPC subsystem if not required for system functionality

echo "install sunrpc /bin/true" >> /etc/modprobe.d/disable-sunrpc.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Implement kernel memory monitoring and alerting for unusual consumption patterns
  • Restrict access to SUNRPC services to trusted systems only

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare against patched versions in git commits; examine if SUNRPC is enabled

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version matches patched version and test SUNRPC functionality

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • System instability logs
  • Memory exhaustion warnings in dmesg

Network Indicators:

  • Unusual SUNRPC/RPC traffic patterns

SIEM Query:

source="kernel" AND ("out of memory" OR "oom-killer" OR "memory leak")

📊 Metadata

CVE ID: CVE-2024-27388
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
Published: May 1, 2024
Last Updated: January 14, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27388, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)