Memory Leak Vulnerability in Linux Kernel Affecting SCSI QEDI Driver
CVE-2024-56747

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 29 December 2024

Summary

A memory leak vulnerability exists in the Linux kernel specifically impacting the SCSI QEDI driver, due to improper handling in the qedi_alloc_and_init_sb() function. When the initialization process fails, it does not release the DMA memory allocated for sb_virt, which may lead to resource exhaustion over time. The fix involves implementing dma_free_coherent() to correctly free memory, following the existing practices observed in similar allocation functions like qedr_alloc_mem_sb() and qede_alloc_mem_sb(). Addressing this issue is crucial for maintaining optimal system performance and stability.

Affected Version(s)

Linux ace7f46ba5fde7273207c7122b0650ceb72510e0 < 4e48e5b26b3edc0e1dd329201ffc924a7a1f9337

Linux ace7f46ba5fde7273207c7122b0650ceb72510e0

References

https://git.kernel.org/stable/c/4e48e5b26b3edc0e1dd329201...

https://git.kernel.org/stable/c/eaf92fad1f21be63427920c12...

https://git.kernel.org/stable/c/a4d2011cbe039b25024831427...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 29, 2024
Vulnerability Reserved
Dec 29, 2024