CVE-2024-56712

MEDIUM

Linux Kernel 4.20-6.12.7 - Use-After-Free in udmabuf Export Error Path

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix memory leak on last export_udmabuf() error path In export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a dma_buf owning the udmabuf has already been created; but the error handling in udmabuf_create() will tear down the udmabuf without doing anything about the containing dma_buf. This leaves a dma_buf in memory that contains a dangling pointer; though that doesn't seem to lead to anything bad except a memory leak. Fix it by moving the dma_buf_fd() call out of export_udmabuf() so that we can give it different error handling. Note that the shape of this code changed a lot in commit 5e72b2b41a21 ("udmabuf: convert udmabuf driver to use folios"); but the memory leak seems to have existed since the introduction of udmabuf.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/c9fc8428d4255c2128da9c4d5cd92e554d0150cf

Patch

https://git.kernel.org/stable/c/f49856f525acd5bef52ae28b7da2e001bbe7439e

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 8.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (9)

linux/Kernel 4.20.0 - 6.12.7linux

Linux/Linux < 4.20

Linux/Linux 4.20

Linux/Linux 6.12.7 - 6.12.*

Linux/Linux 6.13

Linux/Linux fbb0de795078190a9834b3409e4b009cfb18a6d4 - c9fc8428d4255c2128da9c4d5cd92e554d0150cf

Linux/Linux fbb0de795078190a9834b3409e4b009cfb18a6d4 - f49856f525acd5bef52ae28b7da2e001bbe7439e

linux/linux_kernel 6.13 rc1 (3 CPE variants)

linux/linux_kernel 4.20 - 6.12.7

Published Dec 29, 2024

Tracked Since Feb 18, 2026