CVE-2024-35972: Missing Release of Memory after Effective Lifetime in Linux

Severity
5.5 MEDIUM (NVD)
OSV 6.8
EPSS: 0.0% (top 99.15%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 20
Latest update: Jul 26

Description

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()

If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly immediately after allocation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 13 packages

Patches

🔴 Vulnerability Details (6)

OSV: linux-oracle vulnerabilities (2024-07-26)
OSV: linux-aws vulnerabilities (2024-07-23)
OSV: linux-gke, linux-nvidia vulnerabilities (2024-07-16)
OSV: linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi vulnerabilities (2024-07-11)
GHSA: GHSA-m8w5-v3r7-7546: In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() If ulp = kzallo (2024-05-20)

📋 Vendor Advisories (7)

Ubuntu: Linux kernel vulnerabilities (2024-07-26)
Ubuntu: Linux kernel vulnerabilities (2024-07-23)
Ubuntu: Linux kernel vulnerabilities (2024-07-16)
Ubuntu: Linux kernel vulnerabilities (2024-07-11)
Red Hat: kernel: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() (2024-05-20)

💬 Community (1)

Bugzilla: CVE-2024-35972 kernel: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() (2024-05-20)