5.5

CVE-2023-53276

ubifs: Free memory for tmpfile name

In the Linux kernel, the following vulnerability has been resolved:

ubifs: Free memory for tmpfile name

When opening a ubifs tmpfile on an encrypted directory, function
fscrypt_setup_filename allocates memory for the name that is to be
stored in the directory entry, but after the name has been copied to the
directory entry inode, the memory is not freed.

When running kmemleak on it we see that it is registered as a leak. The
report below is triggered by a simple program 'tmpfile' just opening a
tmpfile:

  unreferenced object 0xffff88810178f380 (size 32):
    comm "tmpfile", pid 509, jiffies 4294934744 (age 1524.742s)
    backtrace:
      __kmem_cache_alloc_node
      __kmalloc
      fscrypt_setup_filename
      ubifs_tmpfile
      vfs_tmpfile
      path_openat

Free this memory after it has been copied to the inode.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.14.315
LinuxLinux Kernel Version >= 4.15 < 4.19.283
LinuxLinux Kernel Version >= 4.20 < 5.4.243
LinuxLinux Kernel Version >= 5.5 < 5.10.180
LinuxLinux Kernel Version >= 5.11 < 5.15.111
LinuxLinux Kernel Version >= 5.16 < 6.1.28
LinuxLinux Kernel Version >= 6.2 < 6.2.15
LinuxLinux Kernel Version >= 6.3 < 6.3.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.044
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/8ad8c67a897e68426e85990ebfe0a7d1f71fc79f
Patch
https://git.kernel.org/stable/c/107d481642c356a5668058066360fc473911e628
Patch
https://git.kernel.org/stable/c/823f554747f8aafaa965fb2f3ae794110ed429ef
Patch
https://git.kernel.org/stable/c/b8f444a4fadfb5070ed7e298e0a5ceb4a18014f3
Patch
https://git.kernel.org/stable/c/ce840284929b75dbbf062e0ce7fcb78a63b08b5e
Patch
https://git.kernel.org/stable/c/29738e1bcc799dd754711d4e4aab967f0c018175
Patch
https://git.kernel.org/stable/c/fd197308c0e4f738c7ea687d5332035c5753881c
Patch
https://git.kernel.org/stable/c/1e43d4284bdc3bd34bd770fea13910ac37ab0618
Patch
https://git.kernel.org/stable/c/1fb815b38bb31d6af9bd0540b8652a0d6fe6cfd3
Patch