5.5

CVE-2024-36967

KEYS: trusted: Fix memory leak in tpm2_key_encode()

In the Linux kernel, the following vulnerability has been resolved:

KEYS: trusted: Fix memory leak in tpm2_key_encode()

'scratch' is never freed. Fix this by calling kfree() in the success, and
in the error case.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.13 < 5.15.160
LinuxLinux Kernel Version >= 5.16 < 6.1.92
LinuxLinux Kernel Version >= 6.2 < 6.6.32
LinuxLinux Kernel Version >= 6.7 < 6.8.11
LinuxLinux Kernel Version >= 6.9 < 6.9.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.114
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/189c768932d435045b1fae12bf63e53866f06a28
Patch
https://git.kernel.org/stable/c/1e6914fa8e7798bcf3ce4a5b96ea4ac1d5571cdf
Patch
https://git.kernel.org/stable/c/5d91238b590bd883c86ba7707c5c9096469c08b7
Patch
https://git.kernel.org/stable/c/cf26a92f560eed5d6ddc3d441cc645950cbabc56
Patch
https://git.kernel.org/stable/c/e62835264d0352be6086975f18fdfed2b5520b13
Patch
https://git.kernel.org/stable/c/ffcaa2172cc1a85ddb8b783de96d38ca8855e248
Patch