CVE-2024-43913

Summary

In the Linux kernel, the following vulnerability has been resolved:

nvme: apple: fix device reference counting

Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl. Split the allocation side out to make the error handling boundary easier to navigate. The apple driver had been doing this wrong, leaking the controller device memory on a tagset failure.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5bd2927aceba181b84286e00aa2f56e117e699c3 < f7d9a18572fcd7130459b7691bd19ee2a2e951adaffected
LinuxLinux5bd2927aceba181b84286e00aa2f56e117e699c3 < d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3daffected
LinuxLinux5bd2927aceba181b84286e00aa2f56e117e699c3 < b9ecbfa45516182cd062fecd286db7907ba84210affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.6.64 <= 6.6.*unaffected
LinuxLinux6.10.5 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References