CVE-2024-50190

In the Linux kernel, the following vulnerability has been resolved: ice: fix memleak in ice_init_tx_topology() Fix leak of the FW blob (DDP pkg). Make ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid copying whole FW blob. Copy just the topology section, and only when needed. Reuse the buffer allocated for the read of the current topology. This was found by kmemleak, with the following trace for each PF: [<ffffffff8761044d>] kmemdup_noprof+0x1d/0x50 [<ffffffffc0a0a480>] ice_init_ddp_config+0x100/0x220 [ice] [<ffffffffc0a0da7f>] ice_init_dev+0x6f/0x200 [ice] [<ffffffffc0a0dc49>] ice_init+0x29/0x560 [ice] [<ffffffffc0a10c1d>] ice_probe+0x21d/0x310 [ice] Constify ice_cfg_tx_topo() @buf parameter. This cascades further down to few more functions.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/43544b4e30732c3d88f423252281915d5bc739b6	Patch
https://git.kernel.org/stable/c/c188afdc36113760873ec78cbc036f6b05f77621	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::

History

11 Dec 2024, 15:35

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/43544b4e30732c3d88f423252281915d5bc739b6 -~~	() https://git.kernel.org/stable/c/43544b4e30732c3d88f423252281915d5bc739b6 - Patch
References	~~() https://git.kernel.org/stable/c/c188afdc36113760873ec78cbc036f6b05f77621 -~~	() https://git.kernel.org/stable/c/c188afdc36113760873ec78cbc036f6b05f77621 - Patch
CPE		cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-401
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

Information

Published : 2024-11-08 06:15

Updated : 2024-12-11 15:35

NVD link : CVE-2024-50190

Mitre link : CVE-2024-50190

CVE.ORG link : CVE-2024-50190

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2024-50190", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-11-08T06:15:15.957", "references": [{"url": "https://git.kernel.org/stable/c/43544b4e30732c3d88f423252281915d5bc739b6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c188afdc36113760873ec78cbc036f6b05f77621", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memleak in ice_init_tx_topology()\n\nFix leak of the FW blob (DDP pkg).\n\nMake ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid\ncopying whole FW blob. Copy just the topology section, and only when\nneeded. Reuse the buffer allocated for the read of the current topology.\n\nThis was found by kmemleak, with the following trace for each PF:\n [<ffffffff8761044d>] kmemdup_noprof+0x1d/0x50\n [<ffffffffc0a0a480>] ice_init_ddp_config+0x100/0x220 [ice]\n [<ffffffffc0a0da7f>] ice_init_dev+0x6f/0x200 [ice]\n [<ffffffffc0a0dc49>] ice_init+0x29/0x560 [ice]\n [<ffffffffc0a10c1d>] ice_probe+0x21d/0x310 [ice]\n\nConstify ice_cfg_tx_topo() @buf parameter.\nThis cascades further down to few more functions."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: se corrige la p\u00e9rdida de memoria en ice_init_tx_topology() Se corrige la p\u00e9rdida del blob de FW (paquete DDP). Se hace que ice_cfg_tx_topo() sea constante y correcto, de modo que ice_init_tx_topology() pueda evitar copiar todo el blob de FW. Se copia solo la secci\u00f3n de topolog\u00eda y solo cuando es necesario. Se reutiliza el b\u00fafer asignado para la lectura de la topolog\u00eda actual. Esto fue encontrado por kmemleak, con el siguiente rastro para cada PF: [] kmemdup_noprof+0x1d/0x50 [] ice_init_ddp_config+0x100/0x220 [ice] [] ice_init_dev+0x6f/0x200 [ice] [] ice_init+0x29/0x560 [ice] [] ice_probe+0x21d/0x310 [ice] Par\u00e1metros de conversi\u00f3n de ice_cfg_tx_topo() @buf. Esto se aplica en cascada a algunas funciones m\u00e1s."}], "lastModified": "2024-12-11T15:35:15.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ADD5DBE-B520-479C-9FCD-6C8FA848E789", "versionEndExcluding": "6.11.4", "versionStartIncluding": "6.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}