5.5
CVE-2024-36967
- EPSS 0.21%
- Veröffentlicht 08.06.2024 13:15:58
- Zuletzt bearbeitet 21.11.2024 09:22:55
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
KEYS: trusted: Fix memory leak in tpm2_key_encode()
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.13 < 5.15.160
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.92
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.32
Linux ≫ Linux Kernel Version >= 6.7 < 6.8.11
Linux ≫ Linux Kernel Version >= 6.9 < 6.9.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.114 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/189c768932d435045b1fae12bf63e53866f06a28
https://git.kernel.org/stable/c/1e6914fa8e7798bcf3ce4a5b96ea4ac1d5571cdf
https://git.kernel.org/stable/c/5d91238b590bd883c86ba7707c5c9096469c08b7
https://git.kernel.org/stable/c/cf26a92f560eed5d6ddc3d441cc645950cbabc56
https://git.kernel.org/stable/c/e62835264d0352be6086975f18fdfed2b5520b13
https://git.kernel.org/stable/c/ffcaa2172cc1a85ddb8b783de96d38ca8855e248