5.5

CVE-2023-53255

firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()

In the Linux kernel, the following vulnerability has been resolved:

firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()

svc_create_memory_pool() is only called from stratix10_svc_drv_probe().
Most of resources in the probe are managed, but not this memremap() call.

There is also no memunmap() call in the file.

So switch to devm_memremap() to avoid a resource leak.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.0 < 5.4.251
LinuxLinux Kernel Version >= 5.5 < 5.10.188
LinuxLinux Kernel Version >= 5.11 < 5.15.121
LinuxLinux Kernel Version >= 5.16 < 6.1.40
LinuxLinux Kernel Version >= 6.2 < 6.4.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.033
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/e3373e6b6c79aff698442b00d20c9f285d296e46
Patch
https://git.kernel.org/stable/c/c04ed61ebf01968d7699b121663982493ed577fb
Patch
https://git.kernel.org/stable/c/974ac045a05ad12a0b4578fb303f00dcc22f3aba
Patch
https://git.kernel.org/stable/c/cb8a31a56df8492fb0d900959238e1a3ff8b8981
Patch
https://git.kernel.org/stable/c/7363de081c793e47866cb54ce7cb8a480cffc259
Patch
https://git.kernel.org/stable/c/1995f15590ca222f91193ed11461862b450abfd6
Patch