| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122927-CVE-2024-56748-eb85@gregkh> Date: Sun, 29 Dec 2024 12:29:41 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Hook "qed_ops->common->sb_init = qed_sb_init" does not release the DMA memory sb_virt when it fails. Add dma_free_coherent() to free it. This is the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb(). The Linux kernel CVE team has assigned CVE-2024-56748 to this issue. Affected and fixed versions =========================== Issue introduced in 4.11 with commit 61d8658b4a435eac729966cc94cdda077a8df5cd and fixed in 5.4.287 with commit 97384449ddfc07f12ca75f510eb070020d7abb34 Issue introduced in 4.11 with commit 61d8658b4a435eac729966cc94cdda077a8df5cd and fixed in 5.10.231 with commit a56777a3ef5b35e24a20c4418bcf88bad033807a Issue introduced in 4.11 with commit 61d8658b4a435eac729966cc94cdda077a8df5cd and fixed in 5.15.174 with commit 64654bf5efb3f748e6fc41227adda689618ce9c4 Issue introduced in 4.11 with commit 61d8658b4a435eac729966cc94cdda077a8df5cd and fixed in 6.1.120 with commit b514f45e0fe18d763a1afc34401b1585333cb329 Issue introduced in 4.11 with commit 61d8658b4a435eac729966cc94cdda077a8df5cd and fixed in 6.6.64 with commit 7c1832287b21ff68c4e3625e63cc7619edf5908b Issue introduced in 4.11 with commit 61d8658b4a435eac729966cc94cdda077a8df5cd and fixed in 6.11.11 with commit 0e04bd5a11dffe8c1c0e4c9fc79f7d3cd6182dd5 Issue introduced in 4.11 with commit 61d8658b4a435eac729966cc94cdda077a8df5cd and fixed in 6.12.2 with commit 78a169dc69fbdaf114c40e2d56955bf6bd4fc3c0 Issue introduced in 4.11 with commit 61d8658b4a435eac729966cc94cdda077a8df5cd and fixed in 6.13-rc1 with commit c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-56748 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/qedf/qedf_main.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/97384449ddfc07f12ca75f510eb070020d7abb34 https://git.kernel.org/stable/c/a56777a3ef5b35e24a20c4418bcf88bad033807a https://git.kernel.org/stable/c/64654bf5efb3f748e6fc41227adda689618ce9c4 https://git.kernel.org/stable/c/b514f45e0fe18d763a1afc34401b1585333cb329 https://git.kernel.org/stable/c/7c1832287b21ff68c4e3625e63cc7619edf5908b https://git.kernel.org/stable/c/0e04bd5a11dffe8c1c0e4c9fc79f7d3cd6182dd5 https://git.kernel.org/stable/c/78a169dc69fbdaf114c40e2d56955bf6bd4fc3c0 https://git.kernel.org/stable/c/c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb
Powered by blists - more mailing lists