Updated: 2024-12-23 21:42:31.642606
Description:
In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn will be NULL, so the companion sysfs_unbreak_active_protection() routine won't get called (and would only cause an access violation by trying to dereference kn->parent if it was called). As a result, the reference to kobj acquired at the start of the function will never be released. Fix the leak by adding an explicit kobject_put() call when kn is NULL.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 5.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Released | CLSA-2024:1719231016 | 2024-06-24 10:10:56 | |
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 5.5 | MEDIUM | Released | CLSA-2024:1719241565 | 2024-06-24 11:20:55 | |
CentOS 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2024-05-30 05:38:13 | ||
CentOS 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | 2024-05-30 05:38:13 | ||
CentOS 8.4 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | 2024-06-24 11:20:55 | ||
CentOS 8.5 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | 2024-06-24 11:20:55 | ||
CentOS Stream 8 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Already Fixed | 2024-06-09 14:19:24 | ||
CloudLinux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2024-05-30 05:38:13 | ||
Oracle Linux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2024-05-30 10:10:25 | ||
Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 5.5 | MEDIUM | Released | CLSA-2024:1721664120 | 2024-07-22 14:23:44 |