CVE-2024-35972 - Missing Release of Memory after Effective Lifetime

Severity

55%

Complexity

18%

Confidentiality

60%

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly immediately after allocation.

CVSS 3.1 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Demo Examples

Missing Release of Memory after Effective Lifetime

CWE-401

The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:


               
}

                     
return buf;
return NULL;

                           
return NULL;

Overview

First reported 9 months ago

2024-05-20 10:15:00

Last updated 3 months ago

2024-11-21 09:21:00

Affected Software

Linux Kernel

References

https://git.kernel.org/stable/c/c60ed825530b8c0cc2b524efd39b1d696ec54004

https://git.kernel.org/stable/c/10a9d6a7513f93d7faffcb341af0aa42be8218fe

https://git.kernel.org/stable/c/7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff

https://git.kernel.org/stable/c/c60ed825530b8c0cc2b524efd39b1d696ec54004

Patch

https://git.kernel.org/stable/c/10a9d6a7513f93d7faffcb341af0aa42be8218fe

Patch

https://git.kernel.org/stable/c/7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.