CVE-2026-4247: Memory Leak in TCP Challenge ACK Handling

Verified by Precogs Threat Research
Last Updated: Mar 26, 2026
Base Score: MEDIUM

Executive Summary

CVE-2026-4247 is a medium-severity memory leak, classified as CWE-401, in the Linux kernel's TCP challenge ACK handling. Patch affected systems and dependencies immediately to mitigate exposure.

Precogs AI Insight

"Precogs AI detected this vulnerability pattern in CWE-401 implementations. The pattern deviates from documented secure coding standards, suggesting a high likelihood of exploitation if unpatched."

Exploit Probability: Low (<10%)
Public POC: Undisclosed
Public POC: Available
Affected Assets: CWE-401

Summary

A medium-severity memory leak vulnerability (CVE-2026-4247) has been identified in the Linux kernel's TCP stack, specifically in the tcp_respond() function responsible for sending TCP challenge ACK packets. An error handling path fails to free allocated memory (CWE-401).

Technical Details

The issue is classified under CWE-401 (Missing Release of Memory after Effective Lifetime). The tcp_respond() function allocates memory structures when constructing challenge ACK packets. In certain error conditions, the function exits without calling the corresponding deallocation routine, causing the allocated memory to leak.

Over time, repeated triggering of this code path gradually exhausts available kernel memory (kmalloc pools), leading to system instability.

Exploitation Context

  • Vector: Remote / Network-based
  • Authentication: Not required
  • Complexity: Low
  • Impact: Medium (Availability — gradual resource exhaustion)

While not immediately exploitable for code execution, sustained memory exhaustion attacks can render servers unresponsive, affecting all services running on the host.

Remediation

Linux administrators should immediately:

  1. Apply the latest kernel patch that ensures proper memory deallocation in all tcp_respond() exit paths.
  2. Monitor kernel memory usage (/proc/meminfo, slabtop) for abnormal growth patterns that may indicate active exploitation.
  3. Implement rate limiting on incoming TCP connections to reduce the rate at which the memory leak can be triggered.
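
One way to automate the monitoring in step 2, as an added example that is not part of the original advisory or of any Precogs tooling: it parses successive /proc/meminfo snapshots and alerts on sustained growth of SUnreclaim. It assumes the leaked kernel allocations are accounted as unreclaimable slab; the function names, thresholds and sample values are constructed for illustration.

```python
import re

def parse_meminfo(text):
    """Parse /proc/meminfo text into {field: value}; values are kB where the file says so."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+(?:\(\w+\))?):\s+(\d+)(?:\s+kB)?\s*$", line)
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields

def sustained_growth(values, min_steps=4, min_total_kb=50_000):
    """True when each of the last min_steps intervals grew and the
    total growth across them is at least min_total_kb.
    Both thresholds are assumed starting points; tune per host."""
    if len(values) < min_steps + 1:
        return False
    window = values[-(min_steps + 1):]
    rising = all(b > a for a, b in zip(window, window[1:]))
    return rising and window[-1] - window[0] >= min_total_kb

def check(samples, field="SUnreclaim", **thresholds):
    """Return (series, alert) for one meminfo field across snapshots.
    Snapshots missing the field are skipped rather than raising."""
    parsed = (parse_meminfo(s) for s in samples)
    series = [p[field] for p in parsed if field in p]
    return series, sustained_growth(series, **thresholds)

def make_sample(sunreclaim_kb):
    """Build a constructed meminfo excerpt (not captured from a real host)."""
    return (
        "MemTotal:       16384000 kB\n"
        "Active(anon):     812000 kB\n"
        f"Slab:           {sunreclaim_kb + 200000:>9} kB\n"
        "SReclaimable:     200000 kB\n"
        f"SUnreclaim:     {sunreclaim_kb:>9} kB\n"
        "HugePages_Total:       0\n"
    )

# Constructed series, one snapshot per sampling interval.
LEAKING = [make_sample(v) for v in (150000, 171000, 193000, 214000, 236000, 259000)]
HEALTHY = [make_sample(v) for v in (150000, 152000, 149000, 151000, 150500, 151200)]

if __name__ == "__main__":
    for name, samples in (("leaking", LEAKING), ("healthy", HEALTHY)):
        series, alert = check(samples)
        print(f"{name}: SUnreclaim {series[0]} -> {series[-1]} kB, alert={alert}")
```

On a live host, feed `check()` the text of /proc/meminfo read at a fixed interval; an alert is a prompt to inspect per-cache growth with slabtop, not proof of this specific leak.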

Precogs AI Integration

The Precogs AI Binary Security Platform traces memory allocation and deallocation paths in compiled kernel code, detecting asymmetric alloc/free patterns and error paths where allocated buffers are not released, identifying CWE-401 memory leak conditions before deployment.
