CVE-2024-27073

In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init does. Besides, there are two fixme comment refers to such deallocations.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63	Patch
https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb	Patch
https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0	Patch
https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c	Patch
https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06	Patch
https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b	Patch
https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016	Patch
https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837	Patch
https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63	Patch
https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb	Patch
https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0	Patch
https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c	Patch
https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06	Patch
https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b	Patch
https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016	Patch
https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

08 Apr 2025, 18:54

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63 -~~	() https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63 - Patch
References	~~() https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb -~~	() https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb - Patch
References	~~() https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0 -~~	() https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0 - Patch
References	~~() https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c -~~	() https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c - Patch
References	~~() https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06 -~~	() https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06 - Patch
References	~~() https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b -~~	() https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b - Patch
References	~~() https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016 -~~	() https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016 - Patch
References	~~() https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837 -~~	() https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -~~	() https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html - Mailing List, Third Party Advisory
First Time		Debian Linux linux Kernel Debian debian Linux Linux
CWE		CWE-401
CPE		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel::::::::

21 Nov 2024, 09:03

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -
References	~~() https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63 -~~	() https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63 -
References	~~() https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb -~~	() https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb -
References	~~() https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0 -~~	() https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0 -
References	~~() https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c -~~	() https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c -
References	~~() https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06 -~~	() https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06 -
References	~~() https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b -~~	() https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b -
References	~~() https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016 -~~	() https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016 -
References	~~() https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837 -~~	() https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837 -

06 Nov 2024, 19:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

05 Nov 2024, 10:16

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~

25 Jun 2024, 23:15

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: ttpci: corrige dos fugas de mem en Budget_av_attach Cuando fallan saa7146_register_device y saa7146_vv_init, Budget_av_attach debería liberar los recursos que asigna, como lo hace el manejo de errores de ttpci_budget_init. Además, hay dos comentarios fijos que se refieren a dichas desasignaciones.
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -

01 May 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-01 13:15

Updated : 2025-04-08 18:54

NVD link : CVE-2024-27073

Mitre link : CVE-2024-27073

CVE.ORG link : CVE-2024-27073

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10