5.5

CVE-2024-41025

EPSS 0.01%
Published 29.07.2024 15:15:11
Last modified 03.02.2025 15:43:55
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: Fix memory leak in audio daemon attach operation

Audio PD daemon send the name as part of the init IOCTL call. This
name needs to be copied to kernel for which memory is allocated.
This memory is never freed which might result in memory leak. Free
the memory when it is not needed.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.41

Linux ≫ Linux Kernel Version >= 6.7 < 6.9.10

Linux ≫ Linux Kernel Version6.10 Updaterc1

Linux ≫ Linux Kernel Version6.10 Updaterc2

Linux ≫ Linux Kernel Version6.10 Updaterc3

Linux ≫ Linux Kernel Version6.10 Updaterc4

Linux ≫ Linux Kernel Version6.10 Updaterc5

Linux ≫ Linux Kernel Version6.10 Updaterc6

Linux ≫ Linux Kernel Version6.10 Updaterc7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.009

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2

Patch

https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e

Patch

https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-41025

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-41025

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-41025

EUVD