CVE-2024-26860
dm-integrity: fix a memory leak when rechecking the data
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: dm-integrity: fix a memory leak when rechecking the data Memory for the "checksums" pointer will leak if the data is rechecked
after checksum failure (because the associated kfree won't happen due
to 'goto skip_io'). Fix this by freeing the checksums memory before recheck, and just use
the "checksum_onstack" memory for storing checksum during recheck.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm-integrity: soluciona una pérdida de memoria al volver a verificar los datos. La memoria para el puntero de "sumas de verificación" se perderá si los datos se vuelven a verificar después de una falla en la suma de verificación (porque el kfree asociado no sucederá). debido a 'goto skip_io'). Solucione este problema liberando la memoria de sumas de verificación antes de volver a verificar y simplemente use la memoria "checksum_onstack" para almacenar la suma de verificación durante la nueva verificación.
In the Linux kernel, the following vulnerability has been resolved: dm-integrity: fix a memory leak when rechecking the data Memory for the "checksums" pointer will leak if the data is rechecked after checksum failure (because the associated kfree won't happen due to 'goto skip_io'). Fix this by freeing the checksums memory before recheck, and just use the "checksum_onstack" memory for storing checksum during recheck.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-04-17 CVE Published
- 2024-04-18 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/906414f4596469004632de29126c55751ed82c5e | Vuln. Introduced | |
| https://git.kernel.org/stable/c/d6824a28b244e8a750952848e4bd2167e1e9a17e | Vuln. Introduced | |
| https://git.kernel.org/stable/c/eb7b14a6a923c5678573c4d238c781cc83fcbc0f | Vuln. Introduced | |
| https://git.kernel.org/stable/c/c88f5e553fe38b2ffc4c33d08654e5281b297677 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.80 < 6.1.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.80 < 6.1.83" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6.19 < 6.6.23 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.19 < 6.6.23" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7.7 < 6.7.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7.7 < 6.7.11" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.8 < 6.8.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.8.2" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.8 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.9" | en |
Affected
| ||||||