5.5
CVE-2024-35908
- EPSS 0.21%
- Veröffentlicht 19.05.2024 09:15:11
- Zuletzt bearbeitet 24.09.2025 18:52:20
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
tls: get psock ref after taking rxlock to avoid leak
In the Linux kernel, the following vulnerability has been resolved: tls: get psock ref after taking rxlock to avoid leak At the start of tls_sw_recvmsg, we take a reference on the psock, and then call tls_rx_reader_lock. If that fails, we return directly without releasing the reference. Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.0 < 6.1.85
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.26
Linux ≫ Linux Kernel Version >= 6.7 < 6.8.5
Linux ≫ Linux Kernel Version6.9 Updaterc1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.11 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8
https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be
https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3
https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096