CVE-2024-27388
Vulnerability Summary
Timeline
Description
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.01%• Percentile: 1%
Techniques & Countermeasures
- CWE-401•Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Affected Systems
- debian•debian_linux
10.0
- linux•linux
≥ 1d658336b05f8697d6445834f8867f8ad5e4f735, < b97c37978ca825557d331c9012e0c1ddc0e42364 | ≥ 1d658336b05f8697d6445834f8867f8ad5e4f735, < bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8 | ≥ 1d658336b05f8697d6445834f8867f8ad5e4f735, < bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8 | ≥ 1d658336b05f8697d6445834f8867f8ad5e4f735, < dd292e884c649f9b1c18af0ec75ca90b390cd044 | ≥ 1d658336b05f8697d6445834f8867f8ad5e4f735, < 934212a623cbab851848b6de377eb476718c3e4c | ≥ 1d658336b05f8697d6445834f8867f8ad5e4f735, < 5e6013ae2c8d420faea553d363935f65badd32c3 | ≥ 1d658336b05f8697d6445834f8867f8ad5e4f735, < 9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4 | ≥ 1d658336b05f8697d6445834f8867f8ad5e4f735, < 996997d1fb2126feda550d6adcedcbd94911fc69 | ≥ 1d658336b05f8697d6445834f8867f8ad5e4f735, < 3cfcfc102a5e57b021b786a755a38935e357797d | 3.10
- linux•linux_kernel
≥ 3.10, < 4.19.311 | ≥ 4.20, < 5.4.273 | ≥ 5.5, < 5.10.214 | ≥ 5.11, < 5.15.153 | ≥ 5.16, < 6.1.83 | ≥ 6.2, < 6.6.23 | ≥ 6.7, < 6.7.11 | ≥ 6.8, < 6.8.2
References (11)
- https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364
- https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8
- https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8
- https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044
- https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c
- https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3
- https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4
- https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69
- https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html