5.5

CVE-2023-53617

soc: aspeed: socinfo: Add kfree for kstrdup

In the Linux kernel, the following vulnerability has been resolved:

soc: aspeed: socinfo: Add kfree for kstrdup

Add kfree() in the later error handling in order to avoid memory leak.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.11 < 5.15.128
LinuxLinux Kernel Version >= 5.16 < 6.1.47
LinuxLinux Kernel Version >= 6.2 < 6.4.12
LinuxLinux Kernel Version6.5 Updaterc1
LinuxLinux Kernel Version6.5 Updaterc2
LinuxLinux Kernel Version6.5 Updaterc3
LinuxLinux Kernel Version6.5 Updaterc4
LinuxLinux Kernel Version6.5 Updaterc5
LinuxLinux Kernel Version6.5 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.083
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/dfb9676ed25be25ca7cd198d0f0e093b76b7bc7f
Patch
https://git.kernel.org/stable/c/b662856b71343d9e731c1cd4bbe54758c7791abb
Patch
https://git.kernel.org/stable/c/d9a5ad4477d2a11e9b03f00c52694451e9332228
Patch
https://git.kernel.org/stable/c/6e6d847a8ce18ab2fbec4f579f682486a82d2c6b
Patch