CVE-2024-35828

MEDIUM

Linux Kernel < 4.19.311 - Memory Leak

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer().

References (11)

[Patch] https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9

[Patch] https://git.kernel.org/stable/c/5f0e4aede01cb01fa633171f0533affd25328c3a

[Patch] https://git.kernel.org/stable/c/8e243ac649c10922a6b4855170eaefe4c5b3faab

[Patch] https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186

[Patch] https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf

[Patch] https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23edabaf591

[Patch] https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3

[Patch] https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2

[Patch] https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (10)

linux/linux_kernel < 4.19.311

debian/debian_linux

linux/Kernel < 4.19.311linux

linux/Kernel < 5.4.273linux

linux/Kernel < 5.10.214linux

linux/Kernel < 5.15.153linux

linux/Kernel < 6.1.83linux

linux/Kernel < 6.6.23linux

linux/Kernel < 6.7.11linux

linux/Kernel < 6.8.2linux

Timeline

Published May 17, 2024

Tracked Since Feb 18, 2026