CVE-2024-35972
MEDIUM
Linux Kernel - Use-After-Free in bnxt_rdma_aux_device_init()
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()

If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly immediately after allocation.

Scores
CVSS v3
5.5
EPSS
0.0022
EPSS Percentile
13.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-401
Status
published
Products (11)
linux/Kernel
6.3.0 - 6.6.28 (linux)
linux/Kernel
6.7.0 - 6.8.7 (linux)
Linux/Linux
< 6.3
Linux/Linux
30343221132430c24b468493c861f71e2bad131f - 10a9d6a7513f93d7faffcb341af0aa42be8218fe
Linux/Linux
30343221132430c24b468493c861f71e2bad131f - 7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff
Linux/Linux
30343221132430c24b468493c861f71e2bad131f - c60ed825530b8c0cc2b524efd39b1d696ec54004
Linux/Linux
6.3
Linux/Linux
6.6.28 - 6.6.*
Linux/Linux
6.8.7 - 6.8.*
Linux/Linux
6.9
... and 1 more
Published
May 20, 2024
Tracked Since
Feb 18, 2026