SB2024070440 - Memory leak in Linux kernel nfc nci

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2024-26825)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nci_free_device() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/7e9a8498658b398bf11b8e388005fa54e40aed81
• https://git.kernel.org/stable/c/71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf
• https://git.kernel.org/stable/c/2f6d16f0520d6505241629ee2f5c131b547d5f9d
• https://git.kernel.org/stable/c/471c9ede8061357b43a116fa692e70d91941ac23
• https://git.kernel.org/stable/c/5c0c5ffaed73cbae6c317374dc32ba6cacc60895
• https://git.kernel.org/stable/c/16d3f507b0fa70453dc54550df093d6e9ac630c1
• https://git.kernel.org/stable/c/a3d90fb5c23f29ba59c04005ae76c5228cef2be9
• https://git.kernel.org/stable/c/bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c
• https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
• https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.307
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.149
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.79
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.6
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8