5.5

CVE-2023-53126

scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove()

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove()

Free mrioc->sas_hba.phy at .remove.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.1 < 6.1.21
LinuxLinux Kernel Version >= 6.2 < 6.2.8
LinuxLinux Kernel Version6.3 Updaterc1
LinuxLinux Kernel Version6.3 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.048
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/480aae2f30637b5140e9c7a9b10298e538df2b5e
Patch
https://git.kernel.org/stable/c/c60a7c7508645a9f36e4a18a5f548fb79378acd1
Patch
https://git.kernel.org/stable/c/d4caa1a4255cc44be56bcab3db2c97c632e6cc10
Patch