CVE-2024-43871

devres: Fix memory leakage caused by driver API devm_free_percpu()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu()
to free memory allocated by devm_alloc_percpu(), fixed by using
devres_release() instead of devres_destroy() within devm_free_percpu().

In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu().

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-17 CVE Reserved
2024-08-21 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/ff86aae3b4112b85d2231c23bccbc49589df1c06	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85	2024-08-19
https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf	2024-08-19
https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85	2024-08-19
https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96	2024-08-19
https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d	2024-08-03
https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701	2024-08-03
https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c	2024-08-03
https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c	2024-07-04

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-43871	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2306365	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 4.19.320 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.19.320"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.4.282 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.4.282"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.10.224 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.10.224"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.15.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.15.165"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.1.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.1.103"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.6.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.6.44"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.10.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.10.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.11"		en		Affected