CVE-2024-56730

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/9p/usbg: fix handling of the failed kzalloc() memory allocation

On the linux-next, next-20241108 vanilla kernel, the coccinelle tool gave the following error report:

./net/9p/trans_usbg.c:912:5-11: ERROR: allocation function on line 911 returns NULL not ERR_PTR on failure

kzalloc() failure is fixed to handle the NULL return case on the memory exhaustion.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa3be076dc174d9022a71a12554feb4c97b5c4d5c < 2cdb416de8b5795fd25fadcb69e1198b6df6d8ccaffected
LinuxLinuxa3be076dc174d9022a71a12554feb4c97b5c4d5c < ff1060813d9347e8c45c8b8cff93a4dfdb6726adaffected
LinuxLinux6.12affected
LinuxLinux0 < 6.12unaffected
LinuxLinux6.12.2 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References