5.5

CVE-2024-56546

drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()

In the Linux kernel, the following vulnerability has been resolved:

drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()

If we fail to allocate memory for cb_data by kmalloc, the memory
allocation for eve_data is never freed, add the missing kfree()
in the error handling path.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.19 < 6.1.120
LinuxLinux Kernel Version >= 6.2 < 6.6.64
LinuxLinux Kernel Version >= 6.7 < 6.11.11
LinuxLinux Kernel Version >= 6.12 < 6.12.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.115
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/272168927f38bda46f6c1ed5f40de97689e7a5d2
Patch
https://git.kernel.org/stable/c/44ed4f90a97ff6f339e50ac01db71544e0990efc
Patch
https://git.kernel.org/stable/c/584d420771e1ad2bb74e19a19da8ae0fee0a6e1f
Patch
https://git.kernel.org/stable/c/5a3bda42394ff137eb2d3d3d20d2956a8c6e9237
Patch
https://git.kernel.org/stable/c/882d7afaa4b82c20a7be7a3a039532a80ebacd23
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html