CVE-2024-38603

Summary

In the Linux kernel, the following vulnerability has been resolved:

drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()

pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action() fails, the irq vector is not freed, which leads to a memory leak.

Replace the devm_add_action with devm_add_action_or_reset to ensure the irq vector can be destroyed when it fails.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux66637ab137b44914356a9dc7a9b3f8ebcf0b0695 < 1491a01ef5a98149048b12e208f6ed8e86ad10b9affected
LinuxLinux66637ab137b44914356a9dc7a9b3f8ebcf0b0695 < a7678a16c25b6ece1667ac681e3e783ff3de7a6faffected
LinuxLinux66637ab137b44914356a9dc7a9b3f8ebcf0b0695 < 2fcffaaf529d5fe3fdc6c0ee65a6f266b74de782affected
LinuxLinux66637ab137b44914356a9dc7a9b3f8ebcf0b0695 < b1e86f1ef8fa796f8935be392457639f3a907d91affected
LinuxLinux66637ab137b44914356a9dc7a9b3f8ebcf0b0695 < 582c1aeee0a9e73010cf1c4cef338709860deeb0affected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.1.93 <= 6.1.*unaffected
LinuxLinux6.6.33 <= 6.6.*unaffected
LinuxLinux6.8.12 <= 6.8.*unaffected
LinuxLinux6.9.3 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References