
CVE-2024-1394: Missing Release of Memory after Effective Lifetime in Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8

Severity: High
Published: Thu Mar 21 2024 (03/21/2024, 12:16:38 UTC)
Source: CVE
Vendor/Project: Red Hat
Product: Red Hat Ansible Automation Platform 2.4 for RHEL 8

Description

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters so that a deferred function can free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, which overwrites the named return values before the deferred function runs, meaning that pkey and ctx will be nil inside the deferred function that should free them.

AI-Powered Analysis

Last updated: 07/04/2025, 21:26:54 UTC

Technical Analysis

CVE-2024-1394 is a high-severity memory leak vulnerability identified in the RSA encryption/decryption implementation within the Golang FIPS-compliant OpenSSL wrapper used by Red Hat Ansible Automation Platform 2.4 on RHEL 8. The flaw arises from improper handling of the memory objects 'pkey' and 'ctx' during error conditions in the rsa.go source code. Specifically, the function responsible for RSA operations uses named return parameters and a deferred cleanup function intended to free these objects if initialization or property setting fails. However, every error path returns nil values for 'pkey' and 'ctx'; in Go, such a return statement assigns the named results before the deferred function executes, so the cleanup sees nil for both and never releases the memory already allocated. The result is a memory leak that can be triggered by attacker-controlled inputs, potentially leading to resource exhaustion on the affected system. The vulnerability has a CVSS 3.1 base score of 7.5, reflecting its network attack vector, low attack complexity, no privileges or user interaction required, and impact limited to availability degradation without compromising confidentiality or integrity. Although no known exploits are reported in the wild, the flaw could be leveraged in denial-of-service attacks against systems running the vulnerable Ansible Automation Platform version, especially in environments processing untrusted inputs or exposed to external networks. The vulnerability is specific to Red Hat Ansible Automation Platform 2.4 on RHEL 8, which integrates Golang FIPS OpenSSL libraries for cryptographic operations.
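The named-result pattern described in the Description and in the analysis above, as an added example that is not the golang-fips/openssl code: a constructed allocation counter stands in for the cgo objects, leakyInit mirrors the flawed error path, and fixedInit shows one correct shape (setting err and using a bare return so the deferred cleanup still sees the live pointers). The fixed shape is an assumption for illustration, not a copy of the upstream patch.

```go
package main

import "errors"

// Constructed stand-in for the OpenSSL objects (EVP_PKEY, EVP_PKEY_CTX) the
// wrapper allocates through cgo; live counts the ones not yet freed.
type cobj struct{}
var live int
func alloc() *cobj { live++; return &cobj{} }
func free(o *cobj) {
	if o != nil {
		live--
	}
}
func liveObjects() int { return live }

// leakyInit reproduces the advisory's pattern: the deferred cleanup reads
// the named results, but "return nil, nil, err" has already cleared them.
func leakyInit(fail bool) (pkey, ctx *cobj, err error) {
	defer func() {
		if err != nil {
			free(pkey) // nil by now: the EVP_PKEY leaks
			free(ctx)  // nil by now: the EVP_PKEY_CTX leaks
		}
	}()
	pkey, ctx = alloc(), alloc()
	if fail {
		return nil, nil, errors.New("operation_init failed")
	}
	return pkey, ctx, nil
}

// fixedInit sets err and returns bare, so the cleanup still sees the live
// pointers, frees them and clears them (assumed fix shape, not the patch).
func fixedInit(fail bool) (pkey, ctx *cobj, err error) {
	defer func() {
		if err != nil {
			free(pkey)
			free(ctx)
			pkey, ctx = nil, nil
		}
	}()
	pkey, ctx = alloc(), alloc()
	if fail {
		err = errors.New("operation_init failed")
		return
	}
	return pkey, ctx, nil
}
```

Calling leakyInit on the error path leaves two objects live per call, while fixedInit returns the caller nil, nil, err with nothing outstanding; a monitoring loop over liveObjects() is the simulated equivalent of the memory growth the advisory warns about.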

Potential Impact

For European organizations utilizing Red Hat Ansible Automation Platform 2.4 on RHEL 8, this vulnerability poses a significant risk of denial-of-service through resource exhaustion. An attacker could craft malicious inputs to the RSA encryption/decryption routines, causing the application to leak memory continuously until system resources are depleted, potentially leading to service outages or degraded performance. This can disrupt automation workflows critical for IT operations, configuration management, and deployment pipelines. Given the widespread use of Ansible in enterprise environments across Europe, including sectors such as finance, manufacturing, and government, the availability impact could affect business continuity and operational stability. While the vulnerability does not directly compromise data confidentiality or integrity, the resulting downtime or degraded service availability can have cascading effects on dependent systems and services. Organizations with externally accessible Ansible automation interfaces or those processing untrusted inputs are at higher risk. The lack of required authentication or user interaction for exploitation further increases the threat surface.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize updating Red Hat Ansible Automation Platform to a patched version once available from Red Hat. In the interim, organizations can implement the following specific measures:
1) Restrict network access to Ansible Automation Platform interfaces to trusted internal networks or VPNs to reduce exposure to attacker-controlled inputs.
2) Implement strict input validation and sanitization on any user-supplied data that may be processed by the RSA cryptographic functions to minimize malformed or malicious inputs triggering the leak.
3) Monitor system memory usage and set up alerts for abnormal memory consumption patterns indicative of a leak or resource exhaustion attack.
4) Employ resource limits (e.g., cgroups or container memory limits) to contain the impact of potential memory leaks and prevent system-wide outages.
5) Review and harden automation workflows to avoid processing untrusted or unnecessary cryptographic operations.
6) Engage with Red Hat support to obtain any available patches or workarounds and apply them promptly.
These targeted mitigations go beyond generic advice by focusing on access control, input hygiene, proactive monitoring, and resource containment specific to this memory leak vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2024-02-09T06:02:35.056Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9816c4522896dcbd66f4

Added to database: 5/21/2025, 9:08:38 AM

Last enriched: 7/4/2025, 9:26:54 PM

Last updated: 8/16/2025, 10:38:33 PM
