Memory Leak Vulnerability in Linux Kernel's MLX5 Driver
CVE-2024-56742

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 29 December 2024

What is CVE-2024-56742?

A vulnerability exists in the Linux kernel’s MLX5 driver that pertains to the vfio/mlx5 subsystem. It involves a programming flaw during the handling of migration pages in the mlx5vf_add_migration_pages() function. Specifically, if a set of pages is allocated but cannot be successfully added to the Scatter-Gather (SG) table, those pages must be properly freed to avoid memory leaks. The robust cleanup of allocated resources is essential to ensure system stability and performance. The issue is addressed in subsequent kernel patches, enhancing the overall reliability of the MLX5 driver.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 6fadb021266d03c5fd7bca2cfa1607efd246dad1 < 769fe4ce444b646b0bf6ac308de80686c730c7df

Linux 6fadb021266d03c5fd7bca2cfa1607efd246dad1

Linux 6fadb021266d03c5fd7bca2cfa1607efd246dad1 < 22e87bf3f77c18f5982c19ffe2732ef0c7a25f16

References

https://git.kernel.org/stable/c/769fe4ce444b646b0bf6ac308...

https://git.kernel.org/stable/c/c44f1b2ddfa81c8d7f8e9b6bc...

https://git.kernel.org/stable/c/22e87bf3f77c18f5982c19ffe...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 29, 2024
Vulnerability Reserved
Dec 29, 2024

JSON

Linux

What is CVE-2024-56742?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.