cve/published/2024/CVE-2024-36954.mbox

From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix a possible memleak in tipc_buf_append

__skb_linearize() doesn't free the skb when it fails, so move
'*buf = NULL' after __skb_linearize(), so that the skb can be
freed on the err path.

The Linux kernel CVE team has assigned CVE-2024-36954 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.19.193 with commit 4b1761898861117c97066aea6c58f68a7787f0bf and fixed in 4.19.314 with commit 01cd1b7b685751ee422d00d050292a3d277652d6
	Issue introduced in 5.4.124 with commit 64d17ec9f1ded042c4b188d15734f33486ed9966 and fixed in 5.4.276 with commit 2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae
	Issue introduced in 5.10.42 with commit 6da24cfc83ba4f97ea44fc7ae9999a006101755c and fixed in 5.10.217 with commit adbce6d20da6254c86425a8d4359b221b5ccbccd
	Issue introduced in 5.13 with commit b7df21cf1b79ab7026f545e7bf837bd5750ac026 and fixed in 5.15.159 with commit 42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c
	Issue introduced in 5.13 with commit b7df21cf1b79ab7026f545e7bf837bd5750ac026 and fixed in 6.1.91 with commit d03a82f4f8144befdc10518e732e2a60b34c870e
	Issue introduced in 5.13 with commit b7df21cf1b79ab7026f545e7bf837bd5750ac026 and fixed in 6.6.31 with commit 614c5a5ae45a921595952117b2e2bd4d4bf9b574
	Issue introduced in 5.13 with commit b7df21cf1b79ab7026f545e7bf837bd5750ac026 and fixed in 6.8.10 with commit 3210d34fda4caff212cb53729e6bd46de604d565
	Issue introduced in 5.13 with commit b7df21cf1b79ab7026f545e7bf837bd5750ac026 and fixed in 6.9 with commit 97bf6f81b29a8efaf5d0983251a7450e5794370d
	Issue introduced in 4.4.271 with commit b2c8d28c34b3070407cb1741f9ba3f15d0284b8b
	Issue introduced in 4.9.271 with commit 5489f30bb78ff0dafb4229a69632afc2ba20765c
	Issue introduced in 4.14.235 with commit 436d650d374329a591c30339a91fa5078052ed1e
	Issue introduced in 5.12.9 with commit ace300eecbccaa698e2b472843c74a5f33f7dce8

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-36954
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/tipc/msg.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6
	https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae
	https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd
	https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c
	https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e
	https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574
	https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565
	https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d