CVE-2024-27388

Published: May 1, 2024Modified: Jan 14, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.

Affected (9)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.10 to 4.19.311
Linux Linux Kernel	From 4.20 to 5.4.273
Linux Linux Kernel	From 5.11 to 5.15.153
Linux Linux Kernel	From 5.16 to 6.1.83
Linux Linux Kernel	From 5.5 to 5.10.214
Linux Linux Kernel	From 6.2 to 6.6.23
Linux Linux Kernel	From 6.7 to 6.7.11
Linux Linux Kernel	From 6.8 to 6.8.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (20)

https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

Timeline

No history available yet.