CVE-2024-50190

MEDIUM

Linux Kernel 6.10-6.11.3 - Use-After-Free in ice_init_tx_topology

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ice: fix memleak in ice_init_tx_topology() Fix leak of the FW blob (DDP pkg). Make ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid copying whole FW blob. Copy just the topology section, and only when needed. Reuse the buffer allocated for the read of the current topology. This was found by kmemleak, with the following trace for each PF: [<ffffffff8761044d>] kmemdup_noprof+0x1d/0x50 [<ffffffffc0a0a480>] ice_init_ddp_config+0x100/0x220 [ice] [<ffffffffc0a0da7f>] ice_init_dev+0x6f/0x200 [ice] [<ffffffffc0a0dc49>] ice_init+0x29/0x560 [ice] [<ffffffffc0a10c1d>] ice_probe+0x21d/0x310 [ice] Constify ice_cfg_tx_topo() @buf parameter. This cascades further down to few more functions.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/43544b4e30732c3d88f423252281915d5bc739b6

Patch

https://git.kernel.org/stable/c/c188afdc36113760873ec78cbc036f6b05f77621

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 7.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (9)

linux/Kernel 6.10.0 - 6.11.4linux

Linux/Linux < 6.10

Linux/Linux 6.10

Linux/Linux 6.11.4 - 6.11.*

Linux/Linux 6.12

Linux/Linux cc5776fe183208115e42c044497e193e4671a2b9 - 43544b4e30732c3d88f423252281915d5bc739b6

Linux/Linux cc5776fe183208115e42c044497e193e4671a2b9 - c188afdc36113760873ec78cbc036f6b05f77621

linux/linux_kernel 6.12 rc1 (2 CPE variants)

linux/linux_kernel 6.10 - 6.11.4

Published Nov 08, 2024

Tracked Since Feb 18, 2026