CVE-2024-1394 is a vulnerability identified in the Red Hat Ansible Automation Platform 2.4 running on Red Hat Enterprise Linux 8, stemming from a memory leak in the Golang FIPS OpenSSL RSA encryption/decryption code. Specifically, the leak occurs in the rsa.go file at line 113, where two critical objects, pkey and ctx, are not properly released after their effective lifetime during error handling. The function uses named return parameters and a deferred cleanup function intended to free these objects if an error occurs during context initialization or property setting. However, due to the error return pattern "return nil, nil, fail(...)" the deferred function receives nil pointers for pkey and ctx, preventing their release and causing a memory leak. This leak can be exploited by an attacker supplying crafted inputs to trigger repeated error conditions, leading to resource exhaustion on the host system. The vulnerability has a CVSS 3.1 base score of 7.5, reflecting high severity due to its potential to cause denial of service without requiring authentication or user interaction. Although it does not compromise data confidentiality or integrity, the exhaustion of memory resources can disrupt automation workflows critical to enterprise operations. No public exploits have been reported yet, but the nature of the flaw suggests that automated or scripted attacks could be feasible once exploit code is developed. The affected product is widely used in enterprise environments for automating IT infrastructure, making this vulnerability a significant operational risk if left unaddressed.

For European organizations, the primary impact of CVE-2024-1394 is the risk of denial of service through resource exhaustion on systems running Red Hat Ansible Automation Platform 2.4 on RHEL 8. Ansible is commonly used for configuration management and orchestration across many industries, including finance, manufacturing, and government. A successful exploitation could disrupt critical automation tasks, leading to operational delays, increased manual workload, and potential cascading failures in IT environments. Since the vulnerability does not affect confidentiality or integrity, data breaches are unlikely; however, availability impacts could be severe, especially in environments relying heavily on automated processes for compliance and uptime. European organizations with exposed Ansible endpoints or those processing untrusted inputs in automation workflows are at higher risk. The absence of required authentication lowers the barrier for attackers to exploit this flaw remotely, increasing the threat landscape. Additionally, the lack of known exploits currently provides a window for proactive mitigation before widespread attacks occur.

1. Apply official patches from Red Hat as soon as they become available to address the memory leak in the Golang FIPS OpenSSL RSA code. 2. Until patches are deployed, restrict network access to Ansible Automation Platform endpoints to trusted management networks only, minimizing exposure to untrusted or external sources. 3. Implement resource monitoring and alerting on systems running Ansible to detect abnormal memory usage patterns indicative of exploitation attempts. 4. Review and harden automation playbooks and inputs to ensure they do not process untrusted or malformed data that could trigger the vulnerability. 5. Consider deploying rate limiting or input validation mechanisms on interfaces interacting with Ansible to reduce the risk of repeated error-triggering requests. 6. Maintain up-to-date inventory of Ansible versions and RHEL 8 deployments to prioritize remediation efforts. 7. Engage in threat hunting and log analysis to identify any anomalous activity related to this vulnerability. 8. Educate operational teams about the potential impact and signs of exploitation to enable rapid response.