5.5

CVE-2024-38632

vfio/pci: fix potential memory leak in vfio_intx_enable()

In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: fix potential memory leak in vfio_intx_enable()

If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.6.24 < 6.6.33
LinuxLinux Kernel Version >= 6.9 < 6.9.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.123
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376
Patch
https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140
Patch
https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2
Patch
https://git.kernel.org/stable/c/91ced077db2062604ec270b1046f8337e9090079
https://git.kernel.org/stable/c/a6d810554d7d9d07041f14c5fcd453f3d3fed594
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html