ghsa-36r9-gj33-8p48
Vulnerability from github
Published: 2024-12-29 12:30
Modified: 2025-01-08 00:30
Details
In the Linux kernel, the following vulnerability has been resolved:
apparmor: test: Fix memory leak for aa_unpack_strdup()
The string allocated by kmemdup() in aa_unpack_strdup() is not freed and causes the following memory leaks; free them to fix it.
    unreferenced object 0xffffff80c6af8a50 (size 8):
      comm "kunit_try_catch", pid 225, jiffies 4294894407
      hex dump (first 8 bytes):
        74 65 73 74 69 6e 67 00 testing.
      backtrace (crc 5eab668b):
        [<0000000001e3714d>] kmemleak_alloc+0x34/0x40
        [<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
        [<000000006870467c>] kmemdup_noprof+0x34/0x60
        [<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
        [<000000008ecde918>] policy_unpack_test_unpack_strdup_with_null_name+0xf8/0x3ec
        [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
        [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
        [<00000000adf936cf>] kthread+0x2e8/0x374
        [<0000000041bb1628>] ret_from_fork+0x10/0x20
    unreferenced object 0xffffff80c2a29090 (size 8):
      comm "kunit_try_catch", pid 227, jiffies 4294894409
      hex dump (first 8 bytes):
        74 65 73 74 69 6e 67 00 testing.
      backtrace (crc 5eab668b):
        [<0000000001e3714d>] kmemleak_alloc+0x34/0x40
        [<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
        [<000000006870467c>] kmemdup_noprof+0x34/0x60
        [<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
        [<0000000046a45c1a>] policy_unpack_test_unpack_strdup_with_name+0xd0/0x3c4
        [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
        [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
        [<00000000adf936cf>] kthread+0x2e8/0x374
        [<0000000041bb1628>] ret_from_fork+0x10/0x20
{
  "affected": [],
  "aliases": [ "CVE-2024-56741" ],
  "database_specific": {
    "cwe_ids": [ "CWE-401" ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-29T12:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: test: Fix memory leak for aa_unpack_strdup()\n\nThe string allocated by kmemdup() in aa_unpack_strdup() is not\nfreed and cause following memory leaks, free them to fix it.\n\n\tunreferenced object 0xffffff80c6af8a50 (size 8):\n\t comm \"kunit_try_catch\", pid 225, jiffies 4294894407\n\t hex dump (first 8 bytes):\n\t 74 65 73 74 69 6e 67 00 testing.\n\t backtrace (crc 5eab668b):\n\t [\u003c0000000001e3714d\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c000000006e6c7776\u003e] __kmalloc_node_track_caller_noprof+0x300/0x3e0\n\t [\u003c000000006870467c\u003e] kmemdup_noprof+0x34/0x60\n\t [\u003c000000001176bb03\u003e] aa_unpack_strdup+0xd0/0x18c\n\t [\u003c000000008ecde918\u003e] policy_unpack_test_unpack_strdup_with_null_name+0xf8/0x3ec\n\t [\u003c0000000032ef8f77\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c00000000f3edea23\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000adf936cf\u003e] kthread+0x2e8/0x374\n\t [\u003c0000000041bb1628\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80c2a29090 (size 8):\n\t comm \"kunit_try_catch\", pid 227, jiffies 4294894409\n\t hex dump (first 8 bytes):\n\t 74 65 73 74 69 6e 67 00 testing.\n\t backtrace (crc 5eab668b):\n\t [\u003c0000000001e3714d\u003e] kmemleak_alloc+0x34/0x40\n\t [\u003c000000006e6c7776\u003e] __kmalloc_node_track_caller_noprof+0x300/0x3e0\n\t [\u003c000000006870467c\u003e] kmemdup_noprof+0x34/0x60\n\t [\u003c000000001176bb03\u003e] aa_unpack_strdup+0xd0/0x18c\n\t [\u003c0000000046a45c1a\u003e] policy_unpack_test_unpack_strdup_with_name+0xd0/0x3c4\n\t [\u003c0000000032ef8f77\u003e] kunit_try_run_case+0x13c/0x3ac\n\t [\u003c00000000f3edea23\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [\u003c00000000adf936cf\u003e] kthread+0x2e8/0x374\n\t [\u003c0000000041bb1628\u003e] ret_from_fork+0x10/0x20",
  "id": "GHSA-36r9-gj33-8p48",
  "modified": "2025-01-08T00:30:48Z",
  "published": "2024-12-29T12:30:40Z",
  "references": [
    { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56741" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/2a9b68f2dc6812bd1b8880b5c00e60203d6f61f6" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/5354599855a9b5568e05ce686119ee3ff8b19bd5" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/59a149e7c38e7b76616c8b333fc6aa5b6fb2293c" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/7290f59231910ccba427d441a6e8b8c6f6112448" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/89265f88701e54dde255ddf862093baeca57548c" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/d62ee5739a66644b0e7f11e657d562458cdcdea3" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/f856246ff6da25c4f8fdd73a9c875e878b085e9f" }
  ],
  "schema_version": "1.4.0",
  "severity": [
    { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }
  ]
}