SB2024073113 - Memory leak in Linux kernel nvme target driver
Published: July 31, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024073113
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2024-41079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_execute_admin_connect() and nvmet_execute_io_connect() functions in drivers/nvme/target/fabrics-cmd.c, within the pr_debug() and nvmet_execute_auth_receive() functions in drivers/nvme/target/fabrics-cmd-auth.c, within the nvmet_req_init() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2
- https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d
- https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319
- https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.101
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.42