Executive Summary

Informations
Name CVE-2024-38539 First vendor Publication 2024-06-19
Vendor Cve Last vendor Modification 2024-08-26

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw

When running blktests nvme/rdma, the following kmemleak issue will appear.

kmemleak: Kernel memory leak detector initialized (mempool available:36041) kmemleak: Automatic memory scanning thread started kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 8 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 17 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 4 new suspected memory leaks (see /sys/kernel/debug/kmemleak)

unreferenced object 0xffff88855da53400 (size 192):
comm "rdma", pid 10630, jiffies 4296575922
hex dump (first 32 bytes):
37 00 00 00 00 00 00 00 c0 ff ff ff 1f 00 00 00 7...............
10 34 a5 5d 85 88 ff ff 10 34 a5 5d 85 88 ff ff .4.].....4.]....
backtrace (crc 47f66721):
[] kmalloc_trace+0x30d/0x3b0
[] alloc_gid_entry+0x47/0x380 [ib_core]
[] add_modify_gid+0x166/0x930 [ib_core]
[] ib_cache_update.part.0+0x6d8/0x910 [ib_core]
[] ib_cache_setup_one+0x24a/0x350 [ib_core]
[] ib_register_device+0x9e/0x3a0 [ib_core]
[] 0xffffffffc2a3d389
[] nldev_newlink+0x2b8/0x520 [ib_core]
[] rdma_nl_rcv_msg+0x2c3/0x520 [ib_core]
[] rdma_nl_rcv_skb.constprop.0.isra.0+0x23c/0x3a0 [ib_core]
[] netlink_unicast+0x445/0x710
[] netlink_sendmsg+0x761/0xc40
[] __sys_sendto+0x3a9/0x420
[] __x64_sys_sendto+0xdc/0x1b0
[] do_syscall_64+0x93/0x180
[] entry_SYSCALL_64_after_hwframe+0x71/0x79

The root cause: rdma_put_gid_attr is not called when sgid_attr is set to ERR_PTR(-ENODEV).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38539

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3613

Sources (Detail)

https://git.kernel.org/stable/c/3eb127dc408bf7959a4920d04d16ce10e863686a
https://git.kernel.org/stable/c/6564fc1818404254d1c9f7d75b403b4941516d26
https://git.kernel.org/stable/c/9c0731832d3b7420cbadba6a7f334363bc8dfb15
https://git.kernel.org/stable/c/b3a7fb93afd888793ef226e9665fbda98a95c48e
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Date Informations
2024-11-21 21:23:24
  • Multiple Updates
2024-11-20 02:57:59
  • Multiple Updates
2024-11-14 02:58:18
  • Multiple Updates
2024-11-09 02:58:18
  • Multiple Updates
2024-10-26 02:55:43
  • Multiple Updates
2024-10-25 02:57:37
  • Multiple Updates
2024-10-23 02:56:50
  • Multiple Updates
2024-10-03 02:52:11
  • Multiple Updates
2024-10-02 02:50:35
  • Multiple Updates
2024-09-15 02:48:26
  • Multiple Updates
2024-09-12 02:47:59
  • Multiple Updates
2024-09-07 02:47:00
  • Multiple Updates
2024-09-06 02:46:12
  • Multiple Updates
2024-09-03 21:28:12
  • Multiple Updates
2024-08-26 17:27:49
  • Multiple Updates
2024-06-20 17:27:37
  • Multiple Updates
2024-06-19 21:27:24
  • First insertion