CVE-2024-36954

Published: May 30, 2024Modified: Jan 14, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path.

Affected (17)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.14.235 to 4.15
Linux Linux Kernel	From 4.19.193 to 4.19.314
Linux Linux Kernel	From 4.4.271 to 4.5
Linux Linux Kernel	From 4.9.271 to 4.10
Linux Linux Kernel	From 5.10.42 to 5.10.217
Linux Linux Kernel	From 5.12.9 to 5.15.159
Linux Linux Kernel	From 5.16 to 6.1.91
Linux Linux Kernel	From 5.4.124 to 5.4.276
Linux Linux Kernel	From 6.2 to 6.6.31
Linux Linux Kernel	From 6.7 to 6.8.10
Linux Linux Kernel	Version 6.9 rc1
Linux Linux Kernel	Version 6.9 rc2
Linux Linux Kernel	Version 6.9 rc3
Linux Linux Kernel	Version 6.9 rc4
Linux Linux Kernel	Version 6.9 rc5
Linux Linux Kernel	Version 6.9 rc6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (18)

https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

Timeline

No history available yet.