Memory Leak Vulnerability in Linux Kernel Affecting SCSI QEDI Driver
CVE-2024-56747

5.5 MEDIUM

Key Information:

Vendor
Linux
Status
Vendor
CVE Published:
29 December 2024

Summary

A memory leak exists in the Linux kernel's SCSI QEDI driver, in the error handling of the qedi_alloc_and_init_sb() function. When initialization fails, the function does not release the DMA memory allocated for sb_virt, which may lead to resource exhaustion over time. The fix adds a call to dma_free_coherent() on that failure path to free the memory, following the existing practice in similar allocation functions such as qedr_alloc_mem_sb() and qede_alloc_mem_sb(). Addressing this issue is crucial for maintaining optimal system performance and stability.
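The error-path pattern described in the summary, as an added user-space model (not the kernel's qedi source and not code from the original page): calloc/free stand in for dma_alloc_coherent()/dma_free_coherent(), and the names sb_setup_leaky, sb_setup_fixed, model_sb_init, the simplified struct sb_info and the 4096-byte size are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model: calloc/free stand in for dma_alloc_coherent() and
 * dma_free_coherent(); live_bytes tracks outstanding "DMA" memory. */
static size_t live_bytes;
struct sb_info { void *sb_virt; };            /* hypothetical, simplified */

static void *model_dma_alloc(size_t size) {
    void *p = calloc(1, size);
    if (p) live_bytes += size;
    return p;
}
static void model_dma_free(void *p, size_t size) { free(p); live_bytes -= size; }

/* Stand-in for the init step that can fail after the allocation. */
static int model_sb_init(int fail) { return fail ? -1 : 0; }

/* Pattern from the summary: the failure path returns without freeing. */
static int sb_setup_leaky(struct sb_info *sb, size_t size, int fail) {
    sb->sb_virt = model_dma_alloc(size);
    if (!sb->sb_virt) return -1;
    return model_sb_init(fail);               /* sb_virt is leaked on error */
}

/* Fixed pattern: free the buffer before returning the error. */
static int sb_setup_fixed(struct sb_info *sb, size_t size, int fail) {
    sb->sb_virt = model_dma_alloc(size);
    if (!sb->sb_virt) return -1;
    int rc = model_sb_init(fail);
    if (rc) {
        model_dma_free(sb->sb_virt, size);
        sb->sb_virt = NULL;                   /* no dangling pointer left behind */
    }
    return rc;
}

/* Bytes still allocated after n failed setups of 4096 bytes each. */
static size_t leaked_after(int (*setup)(struct sb_info *, size_t, int), int n) {
    struct sb_info sb;
    size_t start = live_bytes;
    for (int i = 0; i < n; i++)
        setup(&sb, 4096, 1);                  /* force the error path */
    return live_bytes - start;
}

int main(void) {
    printf("leaky: %zu bytes outstanding\n", leaked_after(sb_setup_leaky, 100));
    printf("fixed: %zu bytes outstanding\n", leaked_after(sb_setup_fixed, 100));
    return 0;
}
```

Each failed call in the leaky variant strands one buffer, so the outstanding total grows linearly with the number of failures, which is the resource exhaustion the summary refers to.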

Affected Version(s)

Linux ace7f46ba5fde7273207c7122b0650ceb72510e0 < 4e48e5b26b3edc0e1dd329201ffc924a7a1f9337

Linux ace7f46ba5fde7273207c7122b0650ceb72510e0



CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
