SB20240531356 - Memory leak in Linux kernel marvell libertas driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2024-35828)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186
• https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf
• https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7
• https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2
• https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9
• https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3
• https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23edabaf591
• https://git.kernel.org/stable/c/8e243ac649c10922a6b4855170eaefe4c5b3faab
• https://git.kernel.org/stable/c/5f0e4aede01cb01fa633171f0533affd25328c3a
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.311
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2