CVE-2024-27068

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path If devm_krealloc() fails, then 'efuse' is leaking. So free it to avoid a leak.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2db869da91afd48e5b9ec76814709be49662b07d	Patch
https://git.kernel.org/stable/c/9b02197596671800dd934609384b1aca7c6ad218	Patch
https://git.kernel.org/stable/c/a37f3652bee468f879d35fe2da9ede3f1dcbb7be	Patch
https://git.kernel.org/stable/c/ca93bf607a44c1f009283dac4af7df0d9ae5e357	Patch
https://git.kernel.org/stable/c/2db869da91afd48e5b9ec76814709be49662b07d	Patch
https://git.kernel.org/stable/c/9b02197596671800dd934609384b1aca7c6ad218	Patch
https://git.kernel.org/stable/c/a37f3652bee468f879d35fe2da9ede3f1dcbb7be	Patch
https://git.kernel.org/stable/c/ca93bf607a44c1f009283dac4af7df0d9ae5e357	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

23 Dec 2024, 14:25

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-401
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/2db869da91afd48e5b9ec76814709be49662b07d -~~	() https://git.kernel.org/stable/c/2db869da91afd48e5b9ec76814709be49662b07d - Patch
References	~~() https://git.kernel.org/stable/c/9b02197596671800dd934609384b1aca7c6ad218 -~~	() https://git.kernel.org/stable/c/9b02197596671800dd934609384b1aca7c6ad218 - Patch
References	~~() https://git.kernel.org/stable/c/a37f3652bee468f879d35fe2da9ede3f1dcbb7be -~~	() https://git.kernel.org/stable/c/a37f3652bee468f879d35fe2da9ede3f1dcbb7be - Patch
References	~~() https://git.kernel.org/stable/c/ca93bf607a44c1f009283dac4af7df0d9ae5e357 -~~	() https://git.kernel.org/stable/c/ca93bf607a44c1f009283dac4af7df0d9ae5e357 - Patch

21 Nov 2024, 09:03

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal/drivers/mediatek/lvts_thermal: corrige una pérdida de memoria en una ruta de manejo de errores. Si devm_krealloc() falla, entonces 'efuse' tiene una fuga. Así que libérelo para evitar una fuga.
References	~~() https://git.kernel.org/stable/c/2db869da91afd48e5b9ec76814709be49662b07d -~~	() https://git.kernel.org/stable/c/2db869da91afd48e5b9ec76814709be49662b07d -
References	~~() https://git.kernel.org/stable/c/9b02197596671800dd934609384b1aca7c6ad218 -~~	() https://git.kernel.org/stable/c/9b02197596671800dd934609384b1aca7c6ad218 -
References	~~() https://git.kernel.org/stable/c/a37f3652bee468f879d35fe2da9ede3f1dcbb7be -~~	() https://git.kernel.org/stable/c/a37f3652bee468f879d35fe2da9ede3f1dcbb7be -
References	~~() https://git.kernel.org/stable/c/ca93bf607a44c1f009283dac4af7df0d9ae5e357 -~~	() https://git.kernel.org/stable/c/ca93bf607a44c1f009283dac4af7df0d9ae5e357 -

01 May 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-01 13:15

Updated : 2024-12-23 14:25

NVD link : CVE-2024-27068

Mitre link : CVE-2024-27068

CVE.ORG link : CVE-2024-27068

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10