Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-cve / . / cve / published / 2024 / CVE-2024-50231.json
blob: 53cb65ae9454c6c712c0187832273790eea4f320 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()\n\nmodprobe iio-test-gts and rmmod it, then the following memory leak\noccurs:\n\n\tunreferenced object 0xffffff80c810be00 (size 64):\n\t comm \"kunit_try_catch\", pid 1654, jiffies 4294913981\n\t hex dump (first 32 bytes):\n\t 02 00 00 00 08 00 00 00 20 00 00 00 40 00 00 00 ........ ...@...\n\t 80 00 00 00 00 02 00 00 00 04 00 00 00 08 00 00 ................\n\t backtrace (crc a63d875e):\n\t [<0000000028c1b3c2>] kmemleak_alloc+0x34/0x40\n\t [<000000001d6ecc87>] __kmalloc_noprof+0x2bc/0x3c0\n\t [<00000000393795c1>] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t [<0000000071bb4b09>] 0xffffffdf052a62e0\n\t [<000000000315bc18>] 0xffffffdf052a6488\n\t [<00000000f9dc55b5>] kunit_try_run_case+0x13c/0x3ac\n\t [<00000000175a3fd4>] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [<00000000f505065d>] kthread+0x2e8/0x374\n\t [<00000000bbfb0e5d>] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cbfe9e70 (size 16):\n\t comm \"kunit_try_catch\", pid 1658, jiffies 4294914015\n\t hex dump (first 16 bytes):\n\t 10 00 00 00 40 00 00 00 80 00 00 00 00 00 00 00 ....@...........\n\t backtrace (crc 857f0cb4):\n\t [<0000000028c1b3c2>] kmemleak_alloc+0x34/0x40\n\t [<000000001d6ecc87>] __kmalloc_noprof+0x2bc/0x3c0\n\t [<00000000393795c1>] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t [<0000000071bb4b09>] 0xffffffdf052a62e0\n\t [<000000007d089d45>] 0xffffffdf052a6864\n\t [<00000000f9dc55b5>] kunit_try_run_case+0x13c/0x3ac\n\t [<00000000175a3fd4>] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [<00000000f505065d>] kthread+0x2e8/0x374\n\t [<00000000bbfb0e5d>] ret_from_fork+0x10/0x20\n\t......\n\nIt includes 5*5 times \"size 64\" memory leaks, which correspond to 5 times\ntest_init_iio_gain_scale() calls with gts_test_gains size 10 (10*size(int))\nand gts_test_itimes size 5. It also includes 5*1 times \"size 16\"\nmemory leak, which correspond to one time __test_init_iio_gain_scale()\ncall with gts_test_gains_gain_low size 3 (3*size(int)) and gts_test_itimes\nsize 5.\n\nThe reason is that the per_time_gains[i] is not freed which is allocated in\nthe \"gts->num_itime\" for loop in iio_gts_build_avail_scale_table()."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/iio/industrialio-gts-helper.c"
],
"versions": [
{
"version": "38416c28e16890b52fdd5eb73479299ec3f062f3",
"lessThan": "38d6e8be234d87b0eedca50309e25051888b39d1",
"status": "affected",
"versionType": "git"
},
{
"version": "38416c28e16890b52fdd5eb73479299ec3f062f3",
"lessThan": "16e41593825c3044efca0eb34b2d6ffba306e4ec",
"status": "affected",
"versionType": "git"
},
{
"version": "38416c28e16890b52fdd5eb73479299ec3f062f3",
"lessThan": "691e79ffc42154a9c91dc3b7e96a307037b4be74",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/iio/industrialio-gts-helper.c"
],
"versions": [
{
"version": "6.4",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.4",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.60",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.7",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4",
"versionEndExcluding": "6.6.60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4",
"versionEndExcluding": "6.11.7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4",
"versionEndExcluding": "6.12"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/38d6e8be234d87b0eedca50309e25051888b39d1"
},
{
"url": "https://git.kernel.org/stable/c/16e41593825c3044efca0eb34b2d6ffba306e4ec"
},
{
"url": "https://git.kernel.org/stable/c/691e79ffc42154a9c91dc3b7e96a307037b4be74"
}
],
"title": "iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2024-50231",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}