Vulnerabilities > CVE-2024-38603 - Memory Leak vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action() fails, the irq vector is not freed, which leads to a memory leak. Replace the devm_add_action with devm_add_action_or_reset to ensure the irq vector can be destroyed when it fails.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/1491a01ef5a98149048b12e208f6ed8e86ad10b9
- https://git.kernel.org/stable/c/a7678a16c25b6ece1667ac681e3e783ff3de7a6f
- https://git.kernel.org/stable/c/2fcffaaf529d5fe3fdc6c0ee65a6f266b74de782
- https://git.kernel.org/stable/c/b1e86f1ef8fa796f8935be392457639f3a907d91
- https://git.kernel.org/stable/c/582c1aeee0a9e73010cf1c4cef338709860deeb0