Lucene search

[email protected]NVD:CVE-2024-25740

HistoryFeb 12, 2024 - 3:15 a.m.

CVE-2024-25740

2024-02-1203:15:32

CWE-401

[email protected]

web.nvd.nist.gov

ubi driver

memory leak

linux kernel

ubi_iocatt

kobj->name

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤6.7.4

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3%40huawei.com/T/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-25740

prion1 cvelist1 debiancve1 redhatcve1 ubuntucve1 cve1