ghsa-822w-7669-q3g6
Vulnerability from github
Published
2024-10-29 03:31
Modified
2024-10-30 18:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()

The sysfs_target->regions allocated in damon_sysfs_regions_alloc() is not freed in damon_sysfs_test_add_targets(), which cause the following memory leak, free it to fix it.

unreferenced object 0xffffff80c2a8db80 (size 96):
  comm "kunit_try_catch", pid 187, jiffies 4294894363
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 0):
    [<0000000001e3714d>] kmemleak_alloc+0x34/0x40
    [<000000008e6835c1>] __kmalloc_cache_noprof+0x26c/0x2f4
    [<000000001286d9f8>] damon_sysfs_test_add_targets+0x1cc/0x738
    [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
    [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
    [<00000000adf936cf>] kthread+0x2e8/0x374
    [<0000000041bb1628>] ret_from_fork+0x10/0x20
Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-50068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-29T01:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()\n\nThe sysfs_target-\u003eregions allocated in damon_sysfs_regions_alloc() is not\nfreed in damon_sysfs_test_add_targets(), which cause the following memory\nleak, free it to fix it.\n\n\tunreferenced object 0xffffff80c2a8db80 (size 96):\n\t  comm \"kunit_try_catch\", pid 187, jiffies 4294894363\n\t  hex dump (first 32 bytes):\n\t    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n\t    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n\t  backtrace (crc 0):\n\t    [\u003c0000000001e3714d\u003e] kmemleak_alloc+0x34/0x40\n\t    [\u003c000000008e6835c1\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t    [\u003c000000001286d9f8\u003e] damon_sysfs_test_add_targets+0x1cc/0x738\n\t    [\u003c0000000032ef8f77\u003e] kunit_try_run_case+0x13c/0x3ac\n\t    [\u003c00000000f3edea23\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t    [\u003c00000000adf936cf\u003e] kthread+0x2e8/0x374\n\t    [\u003c0000000041bb1628\u003e] ret_from_fork+0x10/0x20",
  "id": "GHSA-822w-7669-q3g6",
  "modified": "2024-10-30T18:30:48Z",
  "published": "2024-10-29T03:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50068"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05d43455f6bffa6abc7b937ca58be00452e6973f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d6a1c835685de3b0c8e8dc871f60f4ef92ab01a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.