CVE-2024-26900
Vulnerability Summary
Timeline
Description
In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [<0000000085086a11>] vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>] do_syscall_64+0x71/0x150 [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.01%• Percentile: 1%
Techniques & Countermeasures
- CWE-401•Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Affected Systems
- linux•linux
≥ 963c555e75b033202dd76cf6325a7b7c83d08d5f, < fb5b347efd1bda989846ffc74679d181222fb123 | ≥ 963c555e75b033202dd76cf6325a7b7c83d08d5f, < f3a1787dc48213f6caea5ba7d47e0222e7fa34a9 | ≥ 963c555e75b033202dd76cf6325a7b7c83d08d5f, < beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9 | ≥ 963c555e75b033202dd76cf6325a7b7c83d08d5f, < 9fd0198f7ef06ae0d6636fb0578560857dead995 | ≥ 963c555e75b033202dd76cf6325a7b7c83d08d5f, < 6d32c832a88513f65c2c2c9c75954ee8b387adea | ≥ 963c555e75b033202dd76cf6325a7b7c83d08d5f, < 4c1021ce46fc2fb6115f7e79d353941e6dcad366 | ≥ 963c555e75b033202dd76cf6325a7b7c83d08d5f, < 6cf350658736681b9d6b0b6e58c5c76b235bb4c4 | 5.3
- linux•linux_kernel
≥ 5.3, < 6.7.11 | ≥ 6.8, < 6.8.2
References (9)
- https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123
- https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9
- https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9
- https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995
- https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea
- https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366
- https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
- https://security.netapp.com/advisory/ntap-20240912-0011/