CVE-2024-53202

Summary

In the Linux kernel, the following vulnerability has been resolved:

firmware_loader: Fix possible resource leak in fw_log_firmware_info()

The alg instance should be released under the exception path, otherwise there may be resource leak here.

To mitigate this, free the alg instance with crypto_free_shash when kmalloc fails.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux02fe26f25325b547b7a31a65deb0326c04bb5174 < 789a72498d32f88d24371c10985aceb46397056caffected
LinuxLinux02fe26f25325b547b7a31a65deb0326c04bb5174 < eb5d67d00ad17a5bd0920f455160dc2ccbd2dc78affected
LinuxLinux02fe26f25325b547b7a31a65deb0326c04bb5174 < f380f895dbb2a11d62ca6df9e82d995f4bc26b84affected
LinuxLinux02fe26f25325b547b7a31a65deb0326c04bb5174 < 369a9c046c2fdfe037f05b43b84c386bdbccc103affected
LinuxLinux6.4affected
LinuxLinux0 < 6.4unaffected
LinuxLinux6.6.64 <= 6.6.*unaffected
LinuxLinux6.11.11 <= 6.11.*unaffected
LinuxLinux6.12.2 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References