SB2024102168 - Memory leak in Linux kernel iommu iommufd driver
Published: October 21, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024102168
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2024-47719)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iopt_alloc_iova() function in drivers/iommu/iommufd/io_pagetable.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/cd6dd564ae7d99967ef50078216929418160b30e
- https://git.kernel.org/stable/c/a6e9f9fd14772c0b23c6d1d7002d98f9d27cb1f6
- https://git.kernel.org/stable/c/72b78287ce92802e8ba678181a34b84ae844a112
- https://git.kernel.org/stable/c/8f6887349b2f829a4121c518aeb064fc922714e4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.54