CVE-2024-26986 — Missing Release of Memory after Effective Lifetime in Linux

CWE-401 — Missing Release of Memory after Effective Lifetime12 documents9 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 98.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Fedoraproject Fedora

Timeline

PublishedMay 1

Latest updateJul 26

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix memory leak due to a leaked mmget reference on an error handling code path that is triggered when attempting to create KFD processes while a GPU reset is in progress.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel6.5 — 6.6.29+2

▶Debianlinux/linux_kernel< 6.8.9-1+1

▶CVEListV5linux/linux0ab2d7532b05a3e7c06fd3b0c8bd6b46c1dfb508 — aa02d43367a9adf8c85fb382fea4171fb266c8d0+3

Also affects: Fedora 38, 39, 40

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-86v6-w4rr-wrw5: In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix memory leak due to a l↗2024-05-01

▶

OSV

CVE-2024-26986: In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix memory leak due to a lea↗2024-05-01

▶

CVEList

drm/amdkfd: Fix memory leak in create_process failure↗2024-05-01

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2024-07-26

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-23

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-16

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-11

▶

Microsoft

drm/amdkfd: Fix memory leak in create_process failure↗2024-05-14

▶

💬Community

Bugzilla

CVE-2024-26986 kernel: drm/amdkfd: Fix memory leak in create_process failure↗2024-05-01

▶