CVE-2024-41002

MEDIUM

Linux kernel - Memory Corruption

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - Fix memory leak for sec resource release The AIV is one of the SEC resources. When releasing resources, it need to release the AIV resources at the same time. Otherwise, memory leakage occurs. The aiv resource release is added to the sec resource release function.

References (6)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

[Patch] https://git.kernel.org/stable/c/36810d2db3496bb8b4db7ccda666674a5efc7b47

[Patch] https://git.kernel.org/stable/c/7c42ce556ff65995c8875c9ed64141c14238e7e6

[Patch] https://git.kernel.org/stable/c/9f21886370db451b0fdc651f6e41550a1da70601

[Patch] https://git.kernel.org/stable/c/a886bcb0f67d1e3d6b2da25b3519de59098200c2

[Patch] https://git.kernel.org/stable/c/bba4250757b4ae1680fea435a358d8093f254094

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 7.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (5)

linux/linux_kernel < 5.15.162

linux/Kernel < 5.15.162linux

linux/Kernel < 6.1.96linux

linux/Kernel < 6.6.36linux

linux/Kernel < 6.9.7linux

Timeline

Published Jul 12, 2024

Tracked Since Feb 18, 2026