CVE-2024-41078: Missing Release of Memory after Effective Lifetime in Linux

Severity
5.5 MEDIUM NVD
OSV 8.8, OSV 7.1
EPSS
0.0%
top 96.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 29
Latest update: Aug 14

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: qgroup: fix quota root leak after quota disable failure

If during the quota disable we fail when cleaning the quota tree or when deleting the root from the root tree, we jump to the 'out' label without ever dropping the reference on the quota root, resulting in a leak of the root since fs_info->quota_root is no longer pointing to the root (we have set it to NULL just before those steps).

Fix this by always doing a btrf

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (6 packages)

NVD: linux/linux_kernel 5.11 – 5.15.164 (+5)
Debian: linux/linux_kernel < 5.10.223-1 (+3)
Ubuntu: linux/linux_kernel < 5.15.0-125.135 (+1)
CVEListV5: linux/linux bed92eae26ccf280d1a2168b7509447b56675a27 – 94818bdb00ef34a996a06aa63d11f591074cb757 (+6)
debian: debian/linux < linux 6.1.106-1 (bookworm)

Patches

🔴 Vulnerability Details (17)

OSV: linux-azure-5.15 vulnerabilities (2025-01-09)
OSV: linux-gkeop vulnerabilities (2024-12-12)
OSV: linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities (2024-12-09)
OSV: linux-azure vulnerabilities (2024-11-20)
OSV: linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerabilities (2024-11-19)

📋 Vendor Advisories (18)

CISA ICS: Siemens Third-Party Components in SINEC OS (2025-08-14)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-01-09)
Ubuntu: Linux kernel (GKE) vulnerabilities (2024-12-12)
Ubuntu: Linux kernel (Intel IoTG) vulnerabilities (2024-12-09)
Ubuntu: Linux kernel (Azure) vulnerabilities (2024-11-20)