Fix Possible Memory Leak in bnxt_rdma_aux_device_init()
CVE-2024-35972

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 May 2024

What is CVE-2024-35972?

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()

If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly immediately after allocation.

Affected Version(s)

Linux 30343221132430c24b468493c861f71e2bad131f

Linux 30343221132430c24b468493c861f71e2bad131f < 10a9d6a7513f93d7faffcb341af0aa42be8218fe

Linux 30343221132430c24b468493c861f71e2bad131f < 7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff

References

https://git.kernel.org/stable/c/c60ed825530b8c0cc2b524efd...

https://git.kernel.org/stable/c/10a9d6a7513f93d7faffcb341...

https://git.kernel.org/stable/c/7ac10c7d728d75bc9daaa8fad...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2024