CVE-2024-35972

MEDIUM

Linux Kernel < 5.10.216 - Memory Leak

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly immediately after allocation.

References (3)

[Patch] https://git.kernel.org/stable/c/10a9d6a7513f93d7faffcb341af0aa42be8218fe

[Patch] https://git.kernel.org/stable/c/7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff

[Patch] https://git.kernel.org/stable/c/c60ed825530b8c0cc2b524efd39b1d696ec54004

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 0.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (3)

linux/linux_kernel < 5.10.216

linux/Kernel < 6.6.28linux

linux/Kernel < 6.8.7linux

Timeline

Published May 20, 2024

Tracked Since Feb 18, 2026