Memory Leak in Linux Kernel's QEDF Driver
CVE-2024-56748

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 29 December 2024

Summary

A memory leak vulnerability exists in the Linux kernel's QEDF (QLogic Ethernet Driver Framework) driver, specifically in the function qedf_alloc_and_init_sb(). When an initialization step fails, the hook 'qed_ops->common->sb_init' does not properly release allocated DMA memory (sb_virt). The absence of a corresponding dma_free_coherent() function call results in a potential memory leak, impacting system performance and resource utilization. This issue has been addressed in recent kernel updates, ensuring better memory management practices alongside the same approach utilized in other related functions, such as qedr_alloc_mem_sb() and qede_alloc_mem_sb().

Affected Version(s)

Linux 61d8658b4a435eac729966cc94cdda077a8df5cd < 97384449ddfc07f12ca75f510eb070020d7abb34

Linux 61d8658b4a435eac729966cc94cdda077a8df5cd

Linux 61d8658b4a435eac729966cc94cdda077a8df5cd < 64654bf5efb3f748e6fc41227adda689618ce9c4

References

https://git.kernel.org/stable/c/97384449ddfc07f12ca75f510...

https://git.kernel.org/stable/c/a56777a3ef5b35e24a20c4418...

https://git.kernel.org/stable/c/64654bf5efb3f748e6fc41227...

Timeline

Vulnerability published
Dec 29, 2024
Vulnerability Reserved
Dec 29, 2024

Collectors

NVD DatabaseMitre Database