| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-38632: vfio/pci: fix potential memory leak in vfio_intx_enable() |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| vfio/pci: fix potential memory leak in vfio_intx_enable() |
| |
| If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak. |
| |
| The Linux kernel CVE team has assigned CVE-2024-38632 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 5.15.154 with commit 4cb0d7532126d23145329826c38054b4e9a05e7c and fixed in 5.15.168 with commit a6d810554d7d9d07041f14c5fcd453f3d3fed594 |
| Issue introduced in 6.1.84 with commit 7d29d4c72c1e196cce6969c98072a272d1a703b3 and fixed in 6.1.113 with commit 91ced077db2062604ec270b1046f8337e9090079 |
| Issue introduced in 6.6.24 with commit 69276a555c740acfbff13fb5769ee9c92e1c828e and fixed in 6.6.33 with commit 0bd22a4966d55f1d2c127a53300d5c2b50152376 |
| Issue introduced in 6.9 with commit 18c198c96a815c962adc2b9b77909eec0be7df4d and fixed in 6.9.4 with commit 35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140 |
| Issue introduced in 6.9 with commit 18c198c96a815c962adc2b9b77909eec0be7df4d and fixed in 6.10 with commit 82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2 |
| Issue introduced in 5.4.274 with commit b18fa894d615c8527e15d96b76c7448800e13899 |
| Issue introduced in 5.10.215 with commit 27d40bf72dd9a6600b76ad05859176ea9a1b4897 |
| Issue introduced in 6.7.12 with commit 4c089cefe30924fbe20dd1ee92774ea1f5eca834 |
| Issue introduced in 6.8.3 with commit 0e09cf81959d9f12b75ad5c6dd53d237432ed034 |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-38632 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| drivers/vfio/pci/vfio_pci_intrs.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/a6d810554d7d9d07041f14c5fcd453f3d3fed594 |
| https://git.kernel.org/stable/c/91ced077db2062604ec270b1046f8337e9090079 |
| https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376 |
| https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140 |
| https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2 |
