Memory Leak Affecting kernel-default-base package, versions <6.4.0-150600.23.30.1.150600.12.12.6


Severity

Recommended
medium

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.04% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Memory Leak vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-SLES156-KERNELDEFAULTBASE-8514679
  • published14 Dec 2024
  • disclosed13 Dec 2024

Introduced: 13 Dec 2024

NewCVE-2024-50231  (opens in a new tab)
CWE-401  (opens in a new tab)

How to fix?

Upgrade SLES:15.6 kernel-default-base to version 6.4.0-150600.23.30.1.150600.12.12.6 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-default-base package and not the kernel-default-base package as distributed by SLES. See How to fix? for SLES:15.6 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()

modprobe iio-test-gts and rmmod it, then the following memory leak occurs:

unreferenced object 0xffffff80c810be00 (size 64):
  comm &#34;kunit_try_catch&#34;, pid 1654, jiffies 4294913981
  hex dump (first 32 bytes):
    02 00 00 00 08 00 00 00 20 00 00 00 40 00 00 00  ........ ...@...
    80 00 00 00 00 02 00 00 00 04 00 00 00 08 00 00  ................
  backtrace (crc a63d875e):
    [&lt;0000000028c1b3c2&gt;] kmemleak_alloc+0x34/0x40
    [&lt;000000001d6ecc87&gt;] __kmalloc_noprof+0x2bc/0x3c0
    [&lt;00000000393795c1&gt;] devm_iio_init_iio_gts+0x4b4/0x16f4
    [&lt;0000000071bb4b09&gt;] 0xffffffdf052a62e0
    [&lt;000000000315bc18&gt;] 0xffffffdf052a6488
    [&lt;00000000f9dc55b5&gt;] kunit_try_run_case+0x13c/0x3ac
    [&lt;00000000175a3fd4&gt;] kunit_generic_run_threadfn_adapter+0x80/0xec
    [&lt;00000000f505065d&gt;] kthread+0x2e8/0x374
    [&lt;00000000bbfb0e5d&gt;] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80cbfe9e70 (size 16):
  comm &#34;kunit_try_catch&#34;, pid 1658, jiffies 4294914015
  hex dump (first 16 bytes):
    10 00 00 00 40 00 00 00 80 00 00 00 00 00 00 00  ....@...........
  backtrace (crc 857f0cb4):
    [&lt;0000000028c1b3c2&gt;] kmemleak_alloc+0x34/0x40
    [&lt;000000001d6ecc87&gt;] __kmalloc_noprof+0x2bc/0x3c0
    [&lt;00000000393795c1&gt;] devm_iio_init_iio_gts+0x4b4/0x16f4
    [&lt;0000000071bb4b09&gt;] 0xffffffdf052a62e0
    [&lt;000000007d089d45&gt;] 0xffffffdf052a6864
    [&lt;00000000f9dc55b5&gt;] kunit_try_run_case+0x13c/0x3ac
    [&lt;00000000175a3fd4&gt;] kunit_generic_run_threadfn_adapter+0x80/0xec
    [&lt;00000000f505065d&gt;] kthread+0x2e8/0x374
    [&lt;00000000bbfb0e5d&gt;] ret_from_fork+0x10/0x20
......

It includes 55 times "size 64" memory leaks, which correspond to 5 times test_init_iio_gain_scale() calls with gts_test_gains size 10 (10size(int)) and gts_test_itimes size 5. It also includes 51 times "size 16" memory leak, which correspond to one time __test_init_iio_gain_scale() call with gts_test_gains_gain_low size 3 (3size(int)) and gts_test_itimes size 5.

The reason is that the per_time_gains[i] is not freed which is allocated in the "gts->num_itime" for loop in iio_gts_build_avail_scale_table().

CVSS Scores

version 3.1