5.5

CVE-2024-26887

Bluetooth: btusb: Fix memory leak

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btusb: Fix memory leak

This checks if CONFIG_DEV_COREDUMP is enabled before attempting to clone
the skb and also make sure btmtk_process_coredump frees the skb passed
following the same logic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.6 < 6.6.23
LinuxLinux Kernel Version >= 6.7 < 6.7.11
LinuxLinux Kernel Version >= 6.8 < 6.8.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.125
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/620b9e60e4b55fa55540ce852a0f3c9e6091dbbc
Patch
https://git.kernel.org/stable/c/79f4127a502c5905f04da1f20a7bbe07103fb77c
Patch
https://git.kernel.org/stable/c/b08bd8f02a24e2b82fece5ac51dc1c3d9aa6c404
Patch
https://git.kernel.org/stable/c/b10e6f6b160a60b98fb7476028f5a95405bbd725
Patch