5.5

CVE-2024-35972

EPSS 0.01%
Published 20.05.2024 10:15:12
Last modified 21.11.2024 09:21:19
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()

If ulp = kzalloc() fails, the allocated edev will leak because it is
not properly assigned and the cleanup path will not be able to free it.
Fix it by assigning it properly immediately after allocation.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.216

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.158

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.87

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.28

Linux ≫ Linux Kernel Version >= 6.7 < 6.8.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.006

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/10a9d6a7513f93d7faffcb341af0aa42be8218fe

Patch

https://git.kernel.org/stable/c/7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff

Patch

https://git.kernel.org/stable/c/c60ed825530b8c0cc2b524efd39b1d696ec54004

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-35972

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35972

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35972

EUVD