CVE-2024-43913

In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl. Split the allocation side out to make the error handling boundary easier to navigate. The apple driver had been doing this wrong, leaking the controller device memory on a tagset failure.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210	Patch
https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d	Patch
https://git.kernel.org/stable/c/f7d9a18572fcd7130459b7691bd19ee2a2e951ad

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-26 11:15

Updated : 2024-12-09 13:10

NVD link : CVE-2024-43913

Mitre link : CVE-2024-43913

CVE.ORG link : CVE-2024-43913

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2024-43913", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-26T11:15:05.330", "references": [{"url": "https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f7d9a18572fcd7130459b7691bd19ee2a2e951ad", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nvme: apple: corrige el recuento de referencias del dispositivo Los controladores deben llamar a nvme_uninit_ctrl despu\u00e9s de un nvme_init_ctrl exitoso. Divida el lado de la asignaci\u00f3n para que sea m\u00e1s f\u00e1cil navegar por el l\u00edmite de manejo de errores. El controlador de Apple hab\u00eda estado haciendo esto mal, perdiendo la memoria del dispositivo controlador debido a una falla en el conjunto de etiquetas."}], "lastModified": "2024-12-09T13:10:03.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4CB0927-C720-465B-99F2-3E47215515F2", "versionEndExcluding": "6.10.5"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}