CVE-2024-41025

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix memory leak in audio daemon attach operation Audio PD daemon send the name as part of the init IOCTL call. This name needs to be copied to kernel for which memory is allocated. This memory is never freed which might result in memory leak. Free the memory when it is not needed.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2	Patch
https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e	Patch
https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64	Patch
https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2	Patch
https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e	Patch
https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc7::::::

History

03 Feb 2025, 15:43

Type	Values Removed	Values Added
CWE		CWE-401
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:6.10:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc5:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.10:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::
References	~~() https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2 -~~	() https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2 - Patch
References	~~() https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e -~~	() https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e - Patch
References	~~() https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64 -~~	() https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64 - Patch

21 Nov 2024, 09:32

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: corrige la pérdida de memoria en la operación de conexión del daemon de audio. El daemon PD de audio envía el nombre como parte de la llamada init IOCTL. Este nombre debe copiarse en el kernel para el que se asigna la memoria. Esta memoria nunca se libera, lo que podría provocar una pérdida de memoria. Libera la memoria cuando no sea necesaria.
References	~~() https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2 -~~	() https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2 -
References	~~() https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e -~~	() https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e -
References	~~() https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64 -~~	() https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64 -

29 Jul 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 15:15

Updated : 2025-02-03 15:43

NVD link : CVE-2024-41025

Mitre link : CVE-2024-41025

CVE.ORG link : CVE-2024-41025

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10