{"vulnerability": "CVE-2024-41006", "sightings": [{"uuid": "59937dc1-8079-4d29-a67a-943a547ffa38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41006", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "7c168da9-82ed-42ba-91da-68ef426ac6a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41006", "type": "seen", "source": "https://t.me/cvedetector/724", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41006 - In the Linux kernel, the following vulnerability h\", \n  \"Content\": \"CVE ID : CVE-2024-41006 \nPublished : July 12, 2024, 1:15 p.m. | 39\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnetrom: Fix a memory leak in nr_heartbeat_expiry()  \n  \nsyzbot reported a memory leak in nr_create() [0].  \n  \nCommit 409db27e3a2e (\"netrom: Fix use-after-free of a listening socket.\")  \nadded sock_hold() to the nr_heartbeat_expiry() function, where  \na) a socket has a SOCK_DESTROY flag or  \nb) a listening socket has a SOCK_DEAD flag.  \n  \nBut in the case \"a,\" when the SOCK_DESTROY flag is set, the file descriptor  \nhas already been closed and the nr_release() function has been called.  \nSo it makes no sense to hold the reference count because no one will  \ncall another nr_destroy_socket() and put it as in the case \"b.\"  \n  \nnr_connect  \n  nr_establish_data_link  \n    nr_start_heartbeat  \n  \nnr_release  \n  switch (nr->state)  \n  case NR_STATE_3  \n    nr->state = NR_STATE_2  \n    sock_set_flag(sk, SOCK_DESTROY);  \n  \n                        nr_rx_frame  \n                          nr_process_rx_frame  \n                            switch (nr->state)  \n                            case NR_STATE_2  \n                              nr_state2_machine()  \n                                nr_disconnect()  \n                                  nr_sk(sk)->state = NR_STATE_0  \n                                  sock_set_flag(sk, SOCK_DEAD)  \n  \n                        nr_heartbeat_expiry  \n                          switch (nr->state)  \n                          case NR_STATE_0  \n                            if (sock_flag(sk, SOCK_DESTROY) ||  \n                               (sk->sk_state == TCP_LISTEN  \n                                 && sock_flag(sk, SOCK_DEAD)))  \n                               sock_hold()  // ( !!! )  \n                               nr_destroy_socket()  \n  \nTo fix the memory leak, let's call sock_hold() only for a listening socket.  \n  \nFound by InfoTeCS on behalf of Linux Verification Center  \n(linuxtesting.org) with Syzkaller.  \n  \n[0]:  \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-12T16:04:58.000000Z"}]}