Memory Leak Vulnerability in Linux Kernel Affecting PCI Functionality
CVE-2024-56745
Summary
A vulnerability exists in the Linux kernel's PCI subsystem related to the reset_method_store() function, where improper handling of memory allocation results in memory leaks. The function uses kstrndup() to allocate a string assigned to a local variable named 'options'. During the processing of this string, the strsep() function can set 'options' to NULL if no spaces are found, preventing the allocated memory from being freed correctly. This oversight leads to potential memory leaks that could impact system performance and stability. A fix has been implemented by introducing a separate temporary variable to iterate over the options, ensuring the original memory allocation remains intact for proper deallocation. This resolution aids in safeguarding system resources and maintaining optimal performance.
Affected Version(s)
Linux d88f521da3efd698e36d0d504a2abba6ac4f5ef8 < 403efb4457c0c8f8f51e904cc57d39193780c6bd
Linux d88f521da3efd698e36d0d504a2abba6ac4f5ef8 < 931d07ccffcc3614f20aaf602b31e89754e21c59
Linux d88f521da3efd698e36d0d504a2abba6ac4f5ef8 < 8e098baf6bc3f3a6aefc383509aba07e202f7ee0
References
Timeline
Vulnerability published
Vulnerability Reserved