| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In the Linux kernel, the following vulnerability has been resolved:
platform/x86: intel_pmc_core: fix memleak on registration failure
In case device registration fails during module initialisation, the
platform device structure needs to be freed using platform_device_put()
to properly free all resources (e.g. the device name). |
| In the Linux kernel, the following vulnerability has been resolved:
kfence: fix memory leak when cat kfence objects
Hulk robot reported a kmemleak problem:
unreferenced object 0xffff93d1d8cc02e8 (size 248):
comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s)
hex dump (first 32 bytes):
00 40 85 19 d4 93 ff ff 00 10 00 00 00 00 00 00 .@..............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
seq_open+0x2a/0x80
full_proxy_open+0x167/0x1e0
do_dentry_open+0x1e1/0x3a0
path_openat+0x961/0xa20
do_filp_open+0xae/0x120
do_sys_openat2+0x216/0x2f0
do_sys_open+0x57/0x80
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
unreferenced object 0xffff93d419854000 (size 4096):
comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s)
hex dump (first 32 bytes):
6b 66 65 6e 63 65 2d 23 32 35 30 3a 20 30 78 30 kfence-#250: 0x0
30 30 30 30 30 30 30 37 35 34 62 64 61 31 32 2d 0000000754bda12-
backtrace:
seq_read_iter+0x313/0x440
seq_read+0x14b/0x1a0
full_proxy_read+0x56/0x80
vfs_read+0xa5/0x1b0
ksys_read+0xa0/0xf0
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
I find that we can easily reproduce this problem with the following
commands:
cat /sys/kernel/debug/kfence/objects
echo scan > /sys/kernel/debug/kmemleak
cat /sys/kernel/debug/kmemleak
The leaked memory is allocated in the stack below:
do_syscall_64
do_sys_open
do_dentry_open
full_proxy_open
seq_open ---> alloc seq_file
vfs_read
full_proxy_read
seq_read
seq_read_iter
traverse ---> alloc seq_buf
And it should have been released in the following process:
do_syscall_64
syscall_exit_to_user_mode
exit_to_user_mode_prepare
task_work_run
____fput
__fput
full_proxy_release ---> free here
However, the release function corresponding to file_operations is not
implemented in kfence. As a result, a memory leak occurs. Therefore,
the solution to this problem is to implement the corresponding release
function. |
| In the Linux kernel, the following vulnerability has been resolved:
nvmet: fix memory leak in nvmet_alloc_ctrl()
When creating ctrl in nvmet_alloc_ctrl(), if the cntlid_min is larger
than cntlid_max of the subsystem, and jumps to the
"out_free_changed_ns_list" label, but the ctrl->sqs lack of be freed.
Fix this by jumping to the "out_free_sqs" label. |
| In the Linux kernel, the following vulnerability has been resolved:
nvme-loop: fix memory leak in nvme_loop_create_ctrl()
When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl()
fails, the loop ctrl should be freed before jumping to the "out" label. |
| In the Linux kernel, the following vulnerability has been resolved:
uio_hv_generic: Fix a memory leak in error handling paths
If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be
updated and 'hv_uio_cleanup()' in the error handling path will not be
able to free the corresponding buffer.
In such a case, we need to free the buffer explicitly. |
| In the Linux kernel, the following vulnerability has been resolved:
mt76: fix potential DMA mapping leak
With buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap
could potentially inherit a non-zero value from stack garbage.
If this happens, it will cause DMA mappings for MCU command frames to not be
unmapped after completion |
| In the Linux kernel, the following vulnerability has been resolved:
crypto: sun8i-ss - fix result memory leak on error path
This patch fixes a memory leak on an error path. |
| In the Linux kernel, the following vulnerability has been resolved:
bus: qcom: Put child node before return
Put child node before return to fix potential reference count leak.
Generally, the reference count of child is incremented and decremented
automatically in the macro for_each_available_child_of_node() and should
be decremented manually if the loop is broken in loop body. |
| In the Linux kernel, the following vulnerability has been resolved:
crypto: sun8i-ss - Fix memory leak of pad
It appears there are several failure return paths that don't seem
to be free'ing pad. Fix these.
Addresses-Coverity: ("Resource leak") |
| In the Linux kernel, the following vulnerability has been resolved:
crypto: sa2ul - Fix memory leak of rxd
There are two error return paths that are not freeing rxd and causing
memory leaks. Fix these.
Addresses-Coverity: ("Resource leak") |
| In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Free local data after use
Fixes the following memory leak in dc_link_construct():
unreferenced object 0xffffa03e81471400 (size 1024):
comm "amd_module_load", pid 2486, jiffies 4294946026 (age 10.544s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000000bdf5c4a>] kmem_cache_alloc_trace+0x30a/0x4a0
[<00000000e7c59f0e>] link_create+0xce/0xac0 [amdgpu]
[<000000002fb6c072>] dc_create+0x370/0x720 [amdgpu]
[<000000000094d1f3>] amdgpu_dm_init+0x18e/0x17a0 [amdgpu]
[<00000000bec048fd>] dm_hw_init+0x12/0x20 [amdgpu]
[<00000000a2bb7cf6>] amdgpu_device_init+0x1463/0x1e60 [amdgpu]
[<0000000032d3bb13>] amdgpu_driver_load_kms+0x5b/0x330 [amdgpu]
[<00000000a27834f9>] amdgpu_pci_probe+0x192/0x280 [amdgpu]
[<00000000fec7d291>] local_pci_probe+0x47/0xa0
[<0000000055dbbfa7>] pci_device_probe+0xe3/0x180
[<00000000815da970>] really_probe+0x1c4/0x4e0
[<00000000b4b6974b>] driver_probe_device+0x62/0x150
[<000000000f9ecc61>] device_driver_attach+0x58/0x60
[<000000000f65c843>] __driver_attach+0xd6/0x150
[<000000002f5e3683>] bus_for_each_dev+0x6a/0xc0
[<00000000a1cfc897>] driver_attach+0x1e/0x20 |
| In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7615: fix tx skb dma unmap
The first pointer in the txp needs to be unmapped as well, otherwise it will
leak DMA mapping entries |
| In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7915: fix tx skb dma unmap
The first pointer in the txp needs to be unmapped as well, otherwise it will
leak DMA mapping entries |
| In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7921: fix memory leak in mt7921_coredump_work
Fix possible memory leak in mt7921_coredump_work. |
| In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7615: fix memory leak in mt7615_coredump_work
Similar to the issue fixed in mt7921_coredump_work, fix a possible memory
leak in mt7615_coredump_work routine. |
| In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7615: fix memleak when mt7615_unregister_device()
mt7615_tx_token_put() should get call before mt76_free_pending_txwi(). |
| In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7915: fix memleak when mt7915_unregister_device()
mt7915_tx_token_put() should get call before mt76_free_pending_txwi(). |
| In the Linux kernel, the following vulnerability has been resolved:
soundwire: stream: fix memory leak in stream config error path
When stream config is failed, master runtime will release all
slave runtime in the slave_rt_list, but slave runtime is not
added to the list at this time. This patch frees slave runtime
in the config error path to fix the memory leak. |
| In the Linux kernel, the following vulnerability has been resolved:
KEYS: trusted: Fix memory leak on object td
Two error return paths are neglecting to free allocated object td,
causing a memory leak. Fix this by returning via the error return
path that securely kfree's td.
Fixes clang scan-build warning:
security/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential
memory leak [unix.Malloc] |
| In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: Fix a memleak from userdata error path in new objects
Release object name if userdata allocation fails. |
