CVE-2024-27388
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: fix some memleaks in gssx_dec_option_array
The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1d658336b05f8697d6445834f8867f8ad5e4f735 < b97c37978ca825557d331c9012e0c1ddc0e42364 | affected |
| Linux | Linux | 1d658336b05f8697d6445834f8867f8ad5e4f735 < bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8 | affected |
| Linux | Linux | 1d658336b05f8697d6445834f8867f8ad5e4f735 < bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8 | affected |
| Linux | Linux | 1d658336b05f8697d6445834f8867f8ad5e4f735 < dd292e884c649f9b1c18af0ec75ca90b390cd044 | affected |
| Linux | Linux | 1d658336b05f8697d6445834f8867f8ad5e4f735 < 934212a623cbab851848b6de377eb476718c3e4c | affected |
| Linux | Linux | 1d658336b05f8697d6445834f8867f8ad5e4f735 < 5e6013ae2c8d420faea553d363935f65badd32c3 | affected |
| Linux | Linux | 1d658336b05f8697d6445834f8867f8ad5e4f735 < 9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4 | affected |
| Linux | Linux | 1d658336b05f8697d6445834f8867f8ad5e4f735 < 996997d1fb2126feda550d6adcedcbd94911fc69 | affected |
| Linux | Linux | 1d658336b05f8697d6445834f8867f8ad5e4f735 < 3cfcfc102a5e57b021b786a755a38935e357797d | affected |
| Linux | Linux | 3.10 | affected |
| Linux | Linux | 0 < 3.10 | unaffected |
| Linux | Linux | 4.19.311 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.273 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.214 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.153 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.83 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.23 <= 6.6.* | unaffected |
| Linux | Linux | 6.7.11 <= 6.7.* | unaffected |
| Linux | Linux | 6.8.2 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364
- https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8
- https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8
- https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044
- https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c
- https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3
- https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4
- https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69
- https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364
- https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8
- https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8
- https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044
- https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c
- https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3
- https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4
- https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69
- https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.