CVE-2024-41001 — Missing Release of Memory after Effective Lifetime in Linux

CWE-401 — Missing Release of Memory after Effective Lifetime CWE-402 — Resource Leak20 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 89.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +8 more

Timeline

PublishedJul 12

Latest updateSep 23

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: work around a potential audit memory leak kmemleak complains that there's a memory leak related to connect handling: unreferenced object 0xffff0001093bdf00 (size 128): comm "iou-sqp-455", pid 457, jiffies 4294894164 hex dump (first 32 bytes): 02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 2e481b1a): [] kmemleak_a…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages13 packages

▶NVDlinux/linux_kernel6.2 — 6.6.36+2

▶Debianlinux/linux_kernel< 6.1.99-1+2

▶Ubuntulinux/linux_kernel< 6.8.0-44.44

▶msrcmsrc/azl3_kernel_6.6.35.1-5_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.47.1-1_on_azure_linux_3.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-hwe-6.8↗2024-09-23

▶

OSV

linux-raspi vulnerabilities↗2024-09-23

▶

OSV

linux-lowlatency-hwe-6.8 vulnerabilities↗2024-09-13

▶

OSV

linux-nvidia-6.8 vulnerabilities↗2024-09-13

▶

OSV

linux-nvidia, linux-nvidia-lowlatency vulnerabilities↗2024-09-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2024-09-23

▶

Ubuntu

Linux kernel vulnerabilities↗2024-09-23

▶

Ubuntu

Linux kernel vulnerabilities↗2024-09-13

▶

Ubuntu

Linux kernel vulnerabilities↗2024-09-13

▶

Ubuntu

Linux kernel vulnerabilities↗2024-09-12

▶

External resources

NVD MITRE

Affected products11

Debian Linuxfixed in linux 6.1.99-1 (bookworm)

Debian Linux-6.1fixed in linux 6.1.99-1 (bookworm)

Linux≥ 2b188cc1bb857a9d4701ae59aa7768b5124e262e, < 55c22375cbaa24f77dd13f9ae0642915444a1227≥ 2b188cc1bb857a9d4701ae59aa7768b5124e262e, < 9e810bd995823786ea30543e480e8a573e5e5667≥ 2b188cc1bb857a9d4701ae59aa7768b5124e262e, < a40e90d9304629002fb17200f7779823a81191d3+2 more

Linux Kernel≥ 0, < 6.1.99-1≥ 0, < 6.9.7-1fixed in 6.1.96+3 more

Msrc Azl3 Kernel 6.6.35.1-5 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.47.1-1 ON Azure Linux 3.0

Msrc Azure Linux 3.0 ARM

Msrc Azure Linux 3.0 X64

Msrc Cbl2 Kernel 5.15.186.1-1 ON CBL Mariner 2.0

Msrc Cbl2 Kernel 5.15.200.1-1 ON CBL Mariner 2.0

Disclosure

PublishedJul 12, 2024

Latest updateSep 23, 2024