| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Apr 2024 12:28:35 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-26860: dm-integrity: fix a memory leak when rechecking the data Description =========== In the Linux kernel, the following vulnerability has been resolved: dm-integrity: fix a memory leak when rechecking the data Memory for the "checksums" pointer will leak if the data is rechecked after checksum failure (because the associated kfree won't happen due to 'goto skip_io'). Fix this by freeing the checksums memory before recheck, and just use the "checksum_onstack" memory for storing checksum during recheck. The Linux kernel CVE team has assigned CVE-2024-26860 to this issue. Affected and fixed versions =========================== Issue introduced in 6.1.80 with commit 906414f45964 and fixed in 6.1.83 with commit 20e21c3c0195 Issue introduced in 6.6.19 with commit d6824a28b244 and fixed in 6.6.23 with commit 338580a7fb9b Issue introduced in 6.7.7 with commit eb7b14a6a923 and fixed in 6.7.11 with commit 74abc2fe0969 Issue introduced in 6.8 with commit c88f5e553fe3 and fixed in 6.8.2 with commit 6d35654f03c3 Issue introduced in 6.8 with commit c88f5e553fe3 and fixed in 6.9-rc1 with commit 55e565c42dce Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-26860 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/md/dm-integrity.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/20e21c3c0195d915f33bc7321ee6b362177bf5bf https://git.kernel.org/stable/c/338580a7fb9b0930bb38098007e89cc0fc496bf7 https://git.kernel.org/stable/c/74abc2fe09691f3d836d8a54d599ca71f1e4287b https://git.kernel.org/stable/c/6d35654f03c35c273240d85ec67e3f2c3596c4e0 https://git.kernel.org/stable/c/55e565c42dce81a4e49c13262d5bc4eb4c2e588a
Powered by blists - more mailing lists