Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-56745

Опубликовано: 29 дек. 2024
Источник: nvd
CVSS3: 5.5
CVSS3: 3.3
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix reset_method_store() memory leak

In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used in with strsep() to find spaces:

while ((name = strsep(&options, " ")) != NULL) {

If there are no remaining spaces, then options is set to NULL by strsep(), so the subsequent kfree(options) doesn't free the memory allocated via kstrndup().

Fix by using a separate tmp_options to iterate with strsep() so options is preserved.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.15 (включая) до 5.15.174 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.16 (включая) до 6.1.120 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.6.64 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.7 (включая) до 6.11.11 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.12 (включая) до 6.12.2 (исключая)

EPSS

Процентиль: 6%
0.00027
Низкий

5.5 Medium

CVSS3

3.3 Low

CVSS3

Дефекты

CWE-401
CWE-401

Связанные уязвимости

ubuntu логотип

CVE-2024-56745

CVSS3: 5.5
ubuntu
6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used in with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) { If there are no remaining spaces, then options is set to NULL by strsep(), so the subsequent kfree(options) doesn't free the memory allocated via kstrndup(). Fix by using a separate tmp_options to iterate with strsep() so options is preserved.

redhat логотип

CVE-2024-56745

CVSS3: 6.1
redhat
6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used in with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) { If there are no remaining spaces, then options is set to NULL by strsep(), so the subsequent kfree(options) doesn't free the memory allocated via kstrndup(). Fix by using a separate tmp_options to iterate with strsep() so options is preserved.

msrc логотип

CVE-2024-56745

CVSS3: 5.5
msrc
5 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-56745

CVSS3: 5.5
debian
6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: P ...

github логотип

GHSA-jxx5-v8qw-45p6

CVSS3: 5.5
github
6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used in with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) { If there are no remaining spaces, then options is set to NULL by strsep(), so the subsequent kfree(options) doesn't free the memory allocated via kstrndup(). Fix by using a separate tmp_options to iterate with strsep() so options is preserved.

EPSS

Процентиль: 6%
0.00027
Низкий

5.5 Medium

CVSS3

3.3 Low

CVSS3

Дефекты

CWE-401
CWE-401