5.5 CVE-2024-56748

Patch
 

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Hook "qed_ops->common->sb_init = qed_sb_init" does not release the DMA memory sb_virt when it fails. Add dma_free_coherent() to free it. This is the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb().
https://nvd.nist.gov/vuln/detail/CVE-2024-56748

Categories

CWE-401 : Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Use an abstraction library to abstract away risky APIs. Not a complete solution. The Boehm-Demers-Weiser Garbage Collector or valgrind can be used to detect leaks in code. Memory leak because function does not free() an element of a data structure. Memory leak when counter variable is not decremented. chain: reference count is not decremented, leading to memory leak in OS by sending ICMP packets. Kernel uses wrong function to release a data structure, preventing data from being properly tracked by other code. Memory leak via unknown manipulations as part of protocol test suite. Memory leak via a series of the same command.

References


 

CPE

cpe start end
Configuration 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 4.11 < 5.4.287
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 5.5 < 5.10.231
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 5.11 < 5.15.174
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 5.16 < 6.1.120
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.2 < 6.6.64
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.7 < 6.11.11
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.12 < 6.12.2

REMEDIATION

Patch

Url
https://git.kernel.org/stable/c/0e04bd5a11dffe8c1c0e4c9fc79f7d3cd6182dd5
https://git.kernel.org/stable/c/64654bf5efb3f748e6fc41227adda689618ce9c4
https://git.kernel.org/stable/c/78a169dc69fbdaf114c40e2d56955bf6bd4fc3c0
https://git.kernel.org/stable/c/7c1832287b21ff68c4e3625e63cc7619edf5908b
https://git.kernel.org/stable/c/97384449ddfc07f12ca75f510eb070020d7abb34
https://git.kernel.org/stable/c/a56777a3ef5b35e24a20c4418bcf88bad033807a
https://git.kernel.org/stable/c/b514f45e0fe18d763a1afc34401b1585333cb329
https://git.kernel.org/stable/c/c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb

EXPLOITS

Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id description severity
No entry