CVE-2024-36967

MEDIUM

Linux Kernel < 5.15.160 - Memory Leak

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case.

References (6)

[Patch] https://git.kernel.org/stable/c/189c768932d435045b1fae12bf63e53866f06a28

[Patch] https://git.kernel.org/stable/c/1e6914fa8e7798bcf3ce4a5b96ea4ac1d5571cdf

[Patch] https://git.kernel.org/stable/c/5d91238b590bd883c86ba7707c5c9096469c08b7

[Patch] https://git.kernel.org/stable/c/cf26a92f560eed5d6ddc3d441cc645950cbabc56

[Patch] https://git.kernel.org/stable/c/e62835264d0352be6086975f18fdfed2b5520b13

[Patch] https://git.kernel.org/stable/c/ffcaa2172cc1a85ddb8b783de96d38ca8855e248

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 5.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (6)

linux/linux_kernel < 5.15.160

linux/Kernel < 5.15.160linux

linux/Kernel < 6.1.92linux

linux/Kernel < 6.6.32linux

linux/Kernel < 6.8.11linux

linux/Kernel < 6.9.2linux

Timeline

Published Jun 08, 2024

Tracked Since Feb 18, 2026