CVE-2024-47755 – Linux NVDIMM Memory Leak Vulnerability

CVE ID : CVE-2024-47755

Published : Oct. 21, 2024, 1:15 p.m.

Description : In the Linux kernel, the following vulnerability has been resolved:

nvdimm: Fix devs leaks in scan_labels()

scan_labels() leaks memory when label scanning fails and it falls back
to just creating a default “seed” namespace for userspace to configure.
Root can force the kernel to leak memory.

Allocate the minimum resources unconditionally and release them when
unneeded to avoid the memory leak.

A kmemleak reports:
unreferenced object 0xffff88800dda1980 (size 16):
comm "kworker/u10:5", pid 69, jiffies 4294671781
hex dump (first 16 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 0):
[] __kmalloc+0x32c/0x470
[] nd_region_register_namespaces+0x6fb/0x1120 [libnvdimm]
[] nd_region_probe+0xfe/0x210 [libnvdimm]
[] nvdimm_bus_probe+0x7a/0x1e0 [libnvdimm]
[] really_probe+0xc6/0x390
[] __driver_probe_device+0x78/0x150
[] driver_probe_device+0x1e/0x90
[] __device_attach_driver+0x85/0x110
[] bus_for_each_drv+0x85/0xe0
[] __device_attach+0xbe/0x1e0
[] bus_probe_device+0x94/0xb0
[] device_add+0x656/0x870
[] nd_async_device_register+0xe/0x50 [libnvdimm]
[] async_run_entry_fn+0x2e/0x110
[] process_one_work+0x1ee/0x600
[] worker_thread+0x183/0x350

Severity: 0.0 | NA
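
For triage on a host with kmemleak enabled, the report format quoted above can be parsed to pick out unreferenced objects whose allocation backtrace passes through nd_region_register_namespaces in libnvdimm. This is an added example, not code from the advisory or the kernel patch; the names parse_kmemleak and leaks_from, and the second object in the sample, are constructed for illustration.

```python
import re

# Constructed sample in the format of /sys/kernel/debug/kmemleak. The first
# object mirrors the report above (shortened); the second object is made up.
SAMPLE = """\
unreferenced object 0xffff88800dda1980 (size 16):
  comm "kworker/u10:5", pid 69, jiffies 4294671781
  hex dump (first 16 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 0):
    [] __kmalloc+0x32c/0x470
    [] nd_region_register_namespaces+0x6fb/0x1120 [libnvdimm]
    [] nd_region_probe+0xfe/0x210 [libnvdimm]
unreferenced object 0xffff888000000040 (size 64):
  comm "example", pid 1, jiffies 4294670000
  backtrace (crc 0):
    [] __kmalloc+0x32c/0x470
    [] example_probe+0x10/0x80 [example_mod]
"""

HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM = re.compile(r'^\s*comm "(.+?)", pid (\d+)')
# Frame address may be present ([<...>]) or stripped ([]), as on this page.
FRAME = re.compile(r"^\s*\[(?:<[0-9a-f]+>)?\]\s+([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[([\w-]+)\])?")

def parse_kmemleak(text):
    """Split a kmemleak dump into one dict per unreferenced object."""
    objects = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            objects.append({"addr": m[1], "size": int(m[2]), "comm": None,
                            "pid": None, "frames": []})
        elif not objects:
            continue  # text before the first object header
        elif m := COMM.match(line):
            objects[-1]["comm"], objects[-1]["pid"] = m[1], int(m[2])
        elif m := FRAME.match(line):
            objects[-1]["frames"].append((m[1], m[2]))  # (symbol, module or None)
    return objects

def leaks_from(objects, symbol, module):
    """Objects whose allocation backtrace passes through symbol in module."""
    return [o for o in objects if (symbol, module) in o["frames"]]

if __name__ == "__main__":
    for o in leaks_from(parse_kmemleak(SAMPLE),
                        "nd_region_register_namespaces", "libnvdimm"):
        print(f'{o["addr"]} size={o["size"]} comm={o["comm"]} pid={o["pid"]}')
```

Many matching objects accumulating across repeated region probes on an unpatched kernel would be consistent with the leak described above.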
