发布时间: 2024年4月12日
修改时间: 2024年5月27日
In the Linux kernel, the following vulnerability has been resolved:NFC: st21nfca: Fix memory leak in device probe and remove phy->pending_skb is alloced when device probe, but forgot to freein the error handling path and remove path, this cause memory leakas follows:unreferenced object 0xffff88800bc06800 (size 512): comm 8 , pid 11775, jiffies 4295159829 (age 9.032s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000d66c09ce>] __kmalloc_node_track_caller+0x1ed/0x450 [<00000000c93382b3>] kmalloc_reserve+0x37/0xd0 [<000000005fea522c>] __alloc_skb+0x124/0x380 [<0000000019f29f9a>] st21nfca_hci_i2c_probe+0x170/0x8f2Fix it by freeing pending_skb in error and remove.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 5.5 | 4.3 |
| Attack Vector | Local | Adjacent |
| Attack Complexity | Low | Low |
| Privileges Required | Low | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | None | Low |
| Integrity | None | None |
| Availability | High | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-4772 | kernel security update | 2024年4月12日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | kernel | Fixed |
| KY3.4-5A | kernel | Fixed |
| KY3.5.1 | kernel | Unaffected |
| KY3.5.2 | kernel | Unaffected |
