CVE-2024-56712
ADVISORY - nistSummary
In the Linux kernel, the following vulnerability has been resolved:
udmabuf: fix memory leak on last export_udmabuf() error path
In export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a dma_buf owning the udmabuf has already been created; but the error handling in udmabuf_create() will tear down the udmabuf without doing anything about the containing dma_buf.
This leaves a dma_buf in memory that contains a dangling pointer; though that doesn't seem to lead to anything bad except a memory leak.
Fix it by moving the dma_buf_fd() call out of export_udmabuf() so that we can give it different error handling.
Note that the shape of this code changed a lot in commit 5e72b2b41a21 ("udmabuf: convert udmabuf driver to use folios"); but the memory leak seems to have existed since the introduction of udmabuf.
Common Weakness Enumeration (CWE)
Missing Release of Memory after Effective Lifetime
Missing Release of Memory after Effective Lifetime
NIST
1.8
CVSS SCORE
5.5mediumDebian
-
Ubuntu
1.8
CVSS SCORE
5.5mediumRed Hat
1.8
CVSS SCORE
5.5lowOracle
-
CVSS SCORE
N/AhighOracle
-