CVE-2024-26896 Affecting kernel-docs package, versions <5.14.21-150500.55.62.2


Severity

Recommended
0.0
medium
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES155-KERNELDOCS-6859209
  • published16 May 2024
  • disclosed15 May 2024

Introduced: 15 May 2024

CVE-2024-26896  (opens in a new tab)

How to fix?

Upgrade SLES:15.5 kernel-docs to version 5.14.21-150500.55.62.2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-docs package and not the kernel-docs package as distributed by SLES. See How to fix? for SLES:15.5 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

wifi: wfx: fix memory leak when starting AP

Kmemleak reported this error:

unreferenced object 0xd73d1180 (size 184):
  comm &#34;wpa_supplicant&#34;, pid 1559, jiffies 13006305 (age 964.245s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00  ................
  backtrace:
    [&lt;5ca11420&gt;] kmem_cache_alloc+0x20c/0x5ac
    [&lt;127bdd74&gt;] __alloc_skb+0x144/0x170
    [&lt;fb8a5e38&gt;] __netdev_alloc_skb+0x50/0x180
    [&lt;0f9fa1d5&gt;] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]
    [&lt;7accd02d&gt;] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]
    [&lt;41e25cc3&gt;] wfx_start_ap+0xc8/0x234 [wfx]
    [&lt;93a70356&gt;] ieee80211_start_ap+0x404/0x6b4 [mac80211]
    [&lt;a4a661cd&gt;] nl80211_start_ap+0x76c/0x9e0 [cfg80211]
    [&lt;47bd8b68&gt;] genl_rcv_msg+0x198/0x378
    [&lt;453ef796&gt;] netlink_rcv_skb+0xd0/0x130
    [&lt;6b7c977a&gt;] genl_rcv+0x34/0x44
    [&lt;66b2d04d&gt;] netlink_unicast+0x1b4/0x258
    [&lt;f965b9b6&gt;] netlink_sendmsg+0x1e8/0x428
    [&lt;aadb8231&gt;] ____sys_sendmsg+0x1e0/0x274
    [&lt;d2b5212d&gt;] ___sys_sendmsg+0x80/0xb4
    [&lt;69954f45&gt;] __sys_sendmsg+0x64/0xa8
unreferenced object 0xce087000 (size 1024):
  comm &#34;wpa_supplicant&#34;, pid 1559, jiffies 13006305 (age 964.246s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
  backtrace:
    [&lt;9a993714&gt;] __kmalloc_track_caller+0x230/0x600
    [&lt;f83ea192&gt;] kmalloc_reserve.constprop.0+0x30/0x74
    [&lt;a2c61343&gt;] __alloc_skb+0xa0/0x170
    [&lt;fb8a5e38&gt;] __netdev_alloc_skb+0x50/0x180
    [&lt;0f9fa1d5&gt;] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]
    [&lt;7accd02d&gt;] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]
    [&lt;41e25cc3&gt;] wfx_start_ap+0xc8/0x234 [wfx]
    [&lt;93a70356&gt;] ieee80211_start_ap+0x404/0x6b4 [mac80211]
    [&lt;a4a661cd&gt;] nl80211_start_ap+0x76c/0x9e0 [cfg80211]
    [&lt;47bd8b68&gt;] genl_rcv_msg+0x198/0x378
    [&lt;453ef796&gt;] netlink_rcv_skb+0xd0/0x130
    [&lt;6b7c977a&gt;] genl_rcv+0x34/0x44
    [&lt;66b2d04d&gt;] netlink_unicast+0x1b4/0x258
    [&lt;f965b9b6&gt;] netlink_sendmsg+0x1e8/0x428
    [&lt;aadb8231&gt;] ____sys_sendmsg+0x1e0/0x274
    [&lt;d2b5212d&gt;] ___sys_sendmsg+0x80/0xb4

However, since the kernel is build optimized, it seems the stack is not accurate. It appears the issue is related to wfx_set_mfp_ap(). The issue is obvious in this function: memory allocated by ieee80211_beacon_get() is never released. Fixing this leak makes kmemleak happy.

CVSS Scores

version 3.1