CVE-2024-35852Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective Lifetime42 documents8 sources
Severity
5.5MEDIUMNVD
OSV7.0OSV6.5
EPSS
0.0%
top 92.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
LinuxLinux KernelDebian Linux+4 more
Timeline
PublishedMay 17
Latest updateSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the number of credits at end of the work is not negative as supposedly it means that the migration ended. Otherwise, it is rescheduled immediately. After "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash" the above is no longer accurate as a non-negative number of credits is no longer

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

NVDlinux/linux_kernel5.15.4.275+6
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-189.209+2
CVEListV5linux/linuxc9c9af91f1d9a636aecc55302c792538e549a43051cefc9da400b953fee749c9e5d26cd4a2b5d758+7
debiandebian/linux< linux 6.1.90-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

20
OSV
linux-xilinx-zynqmp vulnerabilities2024-09-18
OSV
linux-lowlatency, linux-raspi vulnerabilities2024-08-13
OSV
linux-azure vulnerabilities2024-08-13
OSV
linux-oem-6.8 vulnerabilities2024-08-12
OSV
linux-nvidia-lowlatency, linux-oracle vulnerabilities2024-08-09

📋Vendor Advisories

20
Ubuntu
Linux kernel vulnerabilities2024-09-18
Ubuntu
Linux kernel vulnerabilities2024-08-13
Ubuntu
Linux kernel (OEM) vulnerabilities2024-08-12
Ubuntu
Linux kernel vulnerabilities2024-08-09
Ubuntu
Linux kernel vulnerabilities2024-08-08

💬Community

1
Bugzilla
CVE-2024-35852 kernel: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work2024-05-18