CVE-2024-27388

Summary

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: fix some memleaks in gssx_dec_option_array

The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1d658336b05f8697d6445834f8867f8ad5e4f735 < b97c37978ca825557d331c9012e0c1ddc0e42364affected
LinuxLinux1d658336b05f8697d6445834f8867f8ad5e4f735 < bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8affected
LinuxLinux1d658336b05f8697d6445834f8867f8ad5e4f735 < bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8affected
LinuxLinux1d658336b05f8697d6445834f8867f8ad5e4f735 < dd292e884c649f9b1c18af0ec75ca90b390cd044affected
LinuxLinux1d658336b05f8697d6445834f8867f8ad5e4f735 < 934212a623cbab851848b6de377eb476718c3e4caffected
LinuxLinux1d658336b05f8697d6445834f8867f8ad5e4f735 < 5e6013ae2c8d420faea553d363935f65badd32c3affected
LinuxLinux1d658336b05f8697d6445834f8867f8ad5e4f735 < 9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4affected
LinuxLinux1d658336b05f8697d6445834f8867f8ad5e4f735 < 996997d1fb2126feda550d6adcedcbd94911fc69affected
LinuxLinux1d658336b05f8697d6445834f8867f8ad5e4f735 < 3cfcfc102a5e57b021b786a755a38935e357797daffected
LinuxLinux3.10affected
LinuxLinux0 < 3.10unaffected
LinuxLinux4.19.311 <= 4.19.*unaffected
LinuxLinux5.4.273 <= 5.4.*unaffected
LinuxLinux5.10.214 <= 5.10.*unaffected
LinuxLinux5.15.153 <= 5.15.*unaffected
LinuxLinux6.1.83 <= 6.1.*unaffected
LinuxLinux6.6.23 <= 6.6.*unaffected
LinuxLinux6.7.11 <= 6.7.*unaffected
LinuxLinux6.8.2 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References