cve/published/2024/CVE-2024-26860.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26860: dm-integrity: fix a memory leak when rechecking the data

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 dm-integrity: fix a memory leak when rechecking the data

 Memory for the "checksums" pointer will leak if the data is rechecked
 after checksum failure (because the associated kfree won't happen due
 to 'goto skip_io').

 Fix this by freeing the checksums memory before recheck, and just use
 the "checksum_onstack" memory for storing checksum during recheck.

 The Linux kernel CVE team has assigned CVE-2024-26860 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.1.80 with commit 906414f4596469004632de29126c55751ed82c5e and fixed in 6.1.83 with commit 20e21c3c0195d915f33bc7321ee6b362177bf5bf
 	Issue introduced in 6.6.19 with commit d6824a28b244e8a750952848e4bd2167e1e9a17e and fixed in 6.6.23 with commit 338580a7fb9b0930bb38098007e89cc0fc496bf7
 	Issue introduced in 6.7.7 with commit eb7b14a6a923c5678573c4d238c781cc83fcbc0f and fixed in 6.7.11 with commit 74abc2fe09691f3d836d8a54d599ca71f1e4287b
 	Issue introduced in 6.8 with commit c88f5e553fe38b2ffc4c33d08654e5281b297677 and fixed in 6.8.2 with commit 6d35654f03c35c273240d85ec67e3f2c3596c4e0
 	Issue introduced in 6.8 with commit c88f5e553fe38b2ffc4c33d08654e5281b297677 and fixed in 6.9 with commit 55e565c42dce81a4e49c13262d5bc4eb4c2e588a

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26860
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/md/dm-integrity.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/20e21c3c0195d915f33bc7321ee6b362177bf5bf
 	https://git.kernel.org/stable/c/338580a7fb9b0930bb38098007e89cc0fc496bf7
 	https://git.kernel.org/stable/c/74abc2fe09691f3d836d8a54d599ca71f1e4287b
 	https://git.kernel.org/stable/c/6d35654f03c35c273240d85ec67e3f2c3596c4e0
 	https://git.kernel.org/stable/c/55e565c42dce81a4e49c13262d5bc4eb4c2e588a
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26860: dm-integrity: fix a memory leak when rechecking the data

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	dm-integrity: fix a memory leak when rechecking the data

	Memory for the "checksums" pointer will leak if the data is rechecked
	after checksum failure (because the associated kfree won't happen due
	to 'goto skip_io').

	Fix this by freeing the checksums memory before recheck, and just use
	the "checksum_onstack" memory for storing checksum during recheck.

	The Linux kernel CVE team has assigned CVE-2024-26860 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.1.80 with commit 906414f4596469004632de29126c55751ed82c5e and fixed in 6.1.83 with commit 20e21c3c0195d915f33bc7321ee6b362177bf5bf
	Issue introduced in 6.6.19 with commit d6824a28b244e8a750952848e4bd2167e1e9a17e and fixed in 6.6.23 with commit 338580a7fb9b0930bb38098007e89cc0fc496bf7
	Issue introduced in 6.7.7 with commit eb7b14a6a923c5678573c4d238c781cc83fcbc0f and fixed in 6.7.11 with commit 74abc2fe09691f3d836d8a54d599ca71f1e4287b
	Issue introduced in 6.8 with commit c88f5e553fe38b2ffc4c33d08654e5281b297677 and fixed in 6.8.2 with commit 6d35654f03c35c273240d85ec67e3f2c3596c4e0
	Issue introduced in 6.8 with commit c88f5e553fe38b2ffc4c33d08654e5281b297677 and fixed in 6.9 with commit 55e565c42dce81a4e49c13262d5bc4eb4c2e588a

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26860
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/md/dm-integrity.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/20e21c3c0195d915f33bc7321ee6b362177bf5bf
	https://git.kernel.org/stable/c/338580a7fb9b0930bb38098007e89cc0fc496bf7
	https://git.kernel.org/stable/c/74abc2fe09691f3d836d8a54d599ca71f1e4287b
	https://git.kernel.org/stable/c/6d35654f03c35c273240d85ec67e3f2c3596c4e0
	https://git.kernel.org/stable/c/55e565c42dce81a4e49c13262d5bc4eb4c2e588a