CVE-2024-53175 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
OSV8.8
EPSS
0.0%
top 99.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 27
Latest updateMay 26
Description
In the Linux kernel, the following vulnerability has been resolved:
ipc: fix memleak if msg_init_ns failed in create_ipc_ns
Percpu memory allocation may failed during create_ipc_ns however this
fail is not handled properly since ipc sysctls and mq sysctls is not
released properly. Fix this by release these two resource when failure.
Here is the kmemleak stack when percpu failed:
unreferenced object 0xffff88819de2a600 (size 512):
comm "shmem_2nstest", pid 120711, jiffies 4300542254
hex dump (…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages6 packages
▶CVEListV5linux/linux72d1e611082eda18689106a0c192f2827072713c — 3d230cfd4b9b0558c7b2039ba1def2ce6b6cd158+5
Patches
🔴Vulnerability Details
14OSV▶
linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracl↗2025-04-23