CVE-2024-38603

drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()

pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action()
fails, the irq vector is not freed, which leads to a memory leak.

Replace the devm_add_action with devm_add_action_or_reset to ensure
the irq vector can be destroyed when it fails.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers/perf: hisi: hns3: en realidad usa devm_add_action_or_reset() pci_alloc_irq_vectors() asigna un vector irq. Cuando devm_add_action() falla, el vector irq no se libera, lo que provoca una pérdida de memoria. Reemplace devm_add_action con devm_add_action_or_reset para garantizar que el vector irq pueda destruirse cuando falla.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-18 CVE Reserved
2024-06-19 CVE Published
2024-08-02 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/66637ab137b44914356a9dc7a9b3f8ebcf0b0695	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/1491a01ef5a98149048b12e208f6ed8e86ad10b9	2024-06-12
https://git.kernel.org/stable/c/a7678a16c25b6ece1667ac681e3e783ff3de7a6f	2024-06-12
https://git.kernel.org/stable/c/2fcffaaf529d5fe3fdc6c0ee65a6f266b74de782	2024-05-30
https://git.kernel.org/stable/c/b1e86f1ef8fa796f8935be392457639f3a907d91	2024-05-30
https://git.kernel.org/stable/c/582c1aeee0a9e73010cf1c4cef338709860deeb0	2024-04-28

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.93"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.8.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.9.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.10"		en		Affected