CVE-2024-35853 — Missing Release of Memory after Effective Lifetime in Linux
CWE-401 — Missing Release of Memory after Effective Lifetime
CWE-416 — Use After Free
42 documents, 8 sources
Severity
6.4 MEDIUM (NVD)
OSV 7.0, OSV 6.5, OSV 5.5
EPSS
0.2%
top 59.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 17
Latest update: Sep 18
Description
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
The rehash delayed work migrates filters from one region to another.
This is done by iterating over all chunks (all the filters with the same
priority) in the region and in each chunk iterating over all the
filters.
If the migration fails, the code tries to migrate the filters back to
the old region. However, the rollback itself can also fail in which case
another migrat…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
Exploitability: 1.6 | Impact: 4.7
Affected Packages: 7 packages
CVEListV5: linux/linux, 843500518509128a935edab96bd8efef7c54669e — c6f3fa7f5a748bf6e5c4eb742686d6952f854e76 (+7)
Also affects: Debian Linux 10.0