CVE-2024-43871

devres: Fix memory leakage caused by driver API devm_free_percpu()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

devres: Fix memory leakage caused by driver API devm_free_percpu()

It will cause memory leakage when use driver API devm_free_percpu()
to free memory allocated by devm_alloc_percpu(), fixed by using
devres_release() instead of devres_destroy() within devm_free_percpu().

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-17 CVE Reserved
2024-08-21 CVE Published
2024-09-04 EPSS Updated
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/ff86aae3b4112b85d2231c23bccbc49589df1c06	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85	2024-08-19
https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf	2024-08-19
https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85	2024-08-19
https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96	2024-08-19
https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d	2024-08-03
https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701	2024-08-03
https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c	2024-08-03
https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c	2024-07-04

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-43871	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2306365	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 4.19.320 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.19.320"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.4.282 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.4.282"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.10.224 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.10.224"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.15.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.15.165"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.1.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.1.103"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.6.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.6.44"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.10.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.10.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.11"		en		Affected