CVE-2024-41002
Published: July 15, 2024Last modified: July 15, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - Fix memory leak for sec resource release The AIV is one of the SEC resources. When releasing resources, it need to release the AIV resources at the same time. Otherwise, memory leakage occurs. The aiv resource release is added to the sec resource release function.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.97-r0) |
| Stream | linux-lts | Fixed (6.6.58-r0) |
References
- https://git.kernel.org/stable/c/36810d2db3496bb8b4db7ccda666674a5efc7b47
- https://git.kernel.org/stable/c/7c42ce556ff65995c8875c9ed64141c14238e7e6
- https://git.kernel.org/stable/c/9f21886370db451b0fdc651f6e41550a1da70601
- https://git.kernel.org/stable/c/a886bcb0f67d1e3d6b2da25b3519de59098200c2
- https://git.kernel.org/stable/c/bba4250757b4ae1680fea435a358d8093f254094