CVE-2024-35972

Published: May 20, 2024Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly immediately after allocation.

Affected (5)

Products: Linux: Linux Kernel

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.11 to 5.15.158
Linux Linux Kernel	From 5.16 to 6.1.87
Linux Linux Kernel	From 5.5 to 5.10.216
Linux Linux Kernel	From 6.2 to 6.6.28
Linux Linux Kernel	From 6.7 to 6.8.7

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (6)

https://git.kernel.org/stable/c/10a9d6a7513f93d7faffcb341af0aa42be8218fe

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/c60ed825530b8c0cc2b524efd39b1d696ec54004

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/10a9d6a7513f93d7faffcb341af0aa42be8218fe

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/c60ed825530b8c0cc2b524efd39b1d696ec54004

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.