CVE-2024-35956 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
OSV6.8
EPSS
0.0%
top 99.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 20
Latest updateJul 26
Description
In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
Create subvolume, create snapshot and delete subvolume all use
btrfs_subvolume_reserve_metadata() to reserve metadata for the changes
done to the parent subvolume's fs tree, which cannot be mediated in the
normal way via start_transaction. When quota groups (squota or qgroups)
are enabled, this reserves qgroup metadata of type PREALLOC. Once the
operation is a…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages9 packages
▶CVEListV5linux/linuxe85fde5162bf1b242cbd6daf7dba0f9b457d592b — 945559be6e282a812dc48f7bcd5adc60901ea4a0+5
Patches
🔴Vulnerability Details
6OSV▶
linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi vulnerabilities↗2024-07-11
GHSA▶
GHSA-3xrx-73h3-j99c: In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
Create subvo↗2024-05-20
📋Vendor Advisories
7💬Community
1Bugzilla▶
CVE-2024-35956 kernel: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations↗2024-05-20