CVE-2023-52662 — Missing Release of Memory after Effective Lifetime in Linux

CWE-401 — Missing Release of Memory after Effective Lifetime37 documents8 sources

Severity

5.5MEDIUMNVD

OSV7.0OSV6.5

EPSS

0.0%

top 99.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +4 more

Timeline

PublishedMay 17

Latest updateJul 26

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed, including *res allocated by kmalloc and ttm_resource_init.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

▶NVDlinux/linux_kernel5.14 — 5.15.153+4

▶Debianlinux/linux_kernel< 6.1.85-1+2

▶Ubuntulinux/linux_kernel< 5.15.0-112.122+1

▶CVEListV5linux/linuxd3bcb4b02fe977d6b7a82dbb6288e9223b5b6732 — 03b1072616a8f7d6e8594f643b416a9467c83fbf+6

▶debiandebian/linux< linux 6.1.85-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-raspi vulnerabilities↗2024-07-26

▶

OSV

linux-ibm-5.15 vulnerabilities↗2024-07-10

▶

OSV

linux-hwe-5.15 vulnerabilities↗2024-07-04

▶

OSV

linux-oracle vulnerabilities↗2024-07-04

▶

OSV

linux-azure, linux-azure-fde vulnerabilities↗2024-06-14

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2024-07-26

▶

Ubuntu

Linux kernel (IBM) vulnerabilities↗2024-07-10

▶

Ubuntu

Linux kernel (Oracle) vulnerabilities↗2024-07-04

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2024-07-04

▶

Ubuntu

Linux kernel vulnerabilities↗2024-06-14

▶

💬Community

Bugzilla

CVE-2023-52662 kernel: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node↗2024-05-18

▶