
CVE-2024-57841: Vulnerability in Linux Linux

Medium
Published: Wed Jan 15 2025 (01/15/2025, 13:10:26 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: fix memory leak in tcp_conn_request()

If inet_csk_reqsk_queue_hash_add() returns false, tcp_conn_request() will return without freeing the dst memory, which is allocated in af_ops->route_req.

Here is the kmemleak stack:

unreferenced object 0xffff8881198631c0 (size 240):
  comm "softirq", pid 0, jiffies 4299266571 (age 1802.392s)
  hex dump (first 32 bytes):
    00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff  ................
    81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00  .U..............
  backtrace:
    [<ffffffffb93e8d4c>] kmem_cache_alloc+0x60c/0xa80
    [<ffffffffba11b4c5>] dst_alloc+0x55/0x250
    [<ffffffffba227bf6>] rt_dst_alloc+0x46/0x1d0
    [<ffffffffba23050a>] __mkroute_output+0x29a/0xa50
    [<ffffffffba23456b>] ip_route_output_key_hash+0x10b/0x240
    [<ffffffffba2346bd>] ip_route_output_flow+0x1d/0x90
    [<ffffffffba254855>] inet_csk_route_req+0x2c5/0x500
    [<ffffffffba26b331>] tcp_conn_request+0x691/0x12c0
    [<ffffffffba27bd08>] tcp_rcv_state_process+0x3c8/0x11b0
    [<ffffffffba2965c6>] tcp_v4_do_rcv+0x156/0x3b0
    [<ffffffffba299c98>] tcp_v4_rcv+0x1cf8/0x1d80
    [<ffffffffba239656>] ip_protocol_deliver_rcu+0xf6/0x360
    [<ffffffffba2399a6>] ip_local_deliver_finish+0xe6/0x1e0
    [<ffffffffba239b8e>] ip_local_deliver+0xee/0x360
    [<ffffffffba239ead>] ip_rcv+0xad/0x2f0
    [<ffffffffba110943>] __netif_receive_skb_one_core+0x123/0x140

Call dst_release() to free the dst memory when inet_csk_reqsk_queue_hash_add() returns false in tcp_conn_request().

AI-Powered Analysis

Last updated: 06/27/2025, 22:55:27 UTC

Technical Analysis

CVE-2024-57841 is a memory leak vulnerability identified in the Linux kernel's TCP networking stack, specifically within the tcp_conn_request() function. The issue arises when the function inet_csk_reqsk_queue_hash_add() returns false, causing tcp_conn_request() to exit without freeing the destination (dst) memory that was allocated via af_ops->route_req. This memory allocation is part of the routing subsystem, where dst structures represent cached routing information. The vulnerability was detected through kmemleak, a kernel memory leak detector, which identified unreferenced objects in the kernel memory allocated during TCP connection request processing. The root cause is a missing call to dst_release() to free the allocated dst memory when inet_csk_reqsk_queue_hash_add() fails. This leads to a gradual memory leak in the kernel's networking code, potentially causing increased memory consumption over time, which can degrade system performance or lead to resource exhaustion. The vulnerability affects multiple Linux kernel versions identified by specific commit hashes, indicating it is present in several recent kernel builds. No known exploits are reported in the wild as of the publication date (January 15, 2025), and no CVSS score has been assigned. The fix involves ensuring that dst_release() is called to properly free the allocated memory when the queue hash addition fails, preventing the leak.
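The error-path pattern described above, as an added user-space C model (not kernel source and not code from this page): every `model_*` name is a hypothetical stand-in, and the success path is simplified to an immediate release. It counts how many dst objects stay allocated when the hash-add step fails, with and without the release on the failure path.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only. Every model_* name is a hypothetical stand-in. */
struct model_dst { int refcnt; };
static long live_dsts; /* dst objects allocated and not yet freed */

static struct model_dst *model_route_req(void) /* role of af_ops->route_req */
{
    struct model_dst *dst = calloc(1, sizeof(*dst));
    if (dst) { dst->refcnt = 1; live_dsts++; }
    return dst;
}

static void model_dst_release(struct model_dst *dst) /* role of dst_release() */
{
    if (dst && --dst->refcnt == 0) { free(dst); live_dsts--; }
}

/* Role of tcp_conn_request(). hash_ok models the return value of
 * inet_csk_reqsk_queue_hash_add(); release_on_fail selects the fixed path. */
static int model_conn_request(bool hash_ok, bool release_on_fail)
{
    struct model_dst *dst = model_route_req();
    if (!dst)
        return -1;
    if (!hash_ok) {
        if (release_on_fail)
            model_dst_release(dst); /* the fix: drop the reference */
        return 0; /* pre-fix shape: dst is unreachable from here on (leaked) */
    }
    model_dst_release(dst); /* assumption: success path hands dst on; modelled as a release */
    return 0;
}

/* Run n requests, every fail_every-th one failing the hash add; return leaked dsts. */
static long leaked_after(long n, long fail_every, bool release_on_fail)
{
    long before = live_dsts;
    for (long i = 1; i <= n; i++)
        model_conn_request(i % fail_every != 0, release_on_fail);
    return live_dsts - before;
}

int main(void)
{
    printf("pre-fix leaked:  %ld\n", leaked_after(10000, 4, false));
    printf("post-fix leaked: %ld\n", leaked_after(10000, 4, true));
    return 0;
}
```

The leak grows with the number of failed hash adds, not with total traffic, which is why it shows up as slow growth rather than an immediate fault.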

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions, which are common in servers, network appliances, and embedded devices. The memory leak can lead to gradual degradation of system stability and performance, especially in high-traffic network environments such as data centers, cloud infrastructure, and telecommunications equipment. Over time, the leak could cause kernel memory exhaustion, potentially leading to system crashes or forced reboots, impacting availability of critical services. While this vulnerability does not directly allow code execution or privilege escalation, the denial-of-service-like impact through resource exhaustion can disrupt business operations. Organizations relying on Linux-based infrastructure for web hosting, financial services, healthcare, or critical industrial control systems could experience service interruptions. Additionally, the leak could be exploited by attackers to increase the likelihood of denial-of-service conditions by triggering numerous TCP connection requests, amplifying the impact. Given the widespread use of Linux in European IT environments, the vulnerability's impact could be significant if left unpatched.

Mitigation Recommendations

To mitigate CVE-2024-57841, European organizations should:

1) Identify and inventory all Linux systems running affected kernel versions by checking kernel commit hashes or version numbers.
2) Apply the official Linux kernel patches that fix the memory leak as soon as they become available from trusted sources such as the Linux kernel mailing list or vendor security advisories.
3) For systems where immediate patching is not feasible, implement monitoring of kernel memory usage and network subsystem metrics to detect abnormal memory growth indicative of the leak.
4) Limit exposure by restricting unnecessary TCP connection requests from untrusted networks, using firewall rules or network segmentation to reduce attack surface.
5) Employ kernel live patching solutions if supported by the environment to apply fixes without downtime.
6) Regularly update and audit network-facing services to ensure they do not inadvertently trigger excessive TCP connection requests.
7) Engage with Linux distribution vendors for backported patches and security updates tailored to their kernels.

These steps go beyond generic advice by emphasizing proactive inventory, monitoring, and network-level controls specific to this vulnerability's nature.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-01-15T13:08:59.716Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdd1af

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 10:55:27 PM

Last updated: 8/8/2025, 6:22:10 PM
