5.5

CVE-2024-56745

PCI: Fix reset_method_store() memory leak

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix reset_method_store() memory leak

In reset_method_store(), a string is allocated via kstrndup() and assigned
to the local "options". options is then used in with strsep() to find
spaces:

  while ((name = strsep(&options, " ")) != NULL) {

If there are no remaining spaces, then options is set to NULL by strsep(),
so the subsequent kfree(options) doesn't free the memory allocated via
kstrndup().

Fix by using a separate tmp_options to iterate with strsep() so options is
preserved.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 5.15.174
LinuxLinux Kernel Version >= 5.16 < 6.1.120
LinuxLinux Kernel Version >= 6.2 < 6.6.64
LinuxLinux Kernel Version >= 6.7 < 6.11.11
LinuxLinux Kernel Version >= 6.12 < 6.12.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.107
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/2985b1844f3f3447f2d938eff1ef6762592065a5
Patch
https://git.kernel.org/stable/c/403efb4457c0c8f8f51e904cc57d39193780c6bd
Patch
https://git.kernel.org/stable/c/543d0eb40e45c6a51f1bff02f417b602e54472d5
Patch
https://git.kernel.org/stable/c/8e098baf6bc3f3a6aefc383509aba07e202f7ee0
Patch
https://git.kernel.org/stable/c/931d07ccffcc3614f20aaf602b31e89754e21c59
Patch
https://git.kernel.org/stable/c/fe6fae61f3b993160aef5fe2b7141a83872c144f
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html