{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35858", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.106Z", "datePublished": "2024-05-17T14:47:33.401Z", "dateUpdated": "2025-05-04T09:07:00.291Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:07:00.291Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmasp: fix memory leak when bringing down interface\n\nWhen bringing down the TX rings we flush the rings but forget to\nreclaimed the flushed packets. This leads to a memory leak since we\ndo not free the dma mapped buffers. This also leads to tx control\nblock corruption when bringing down the interface for power\nmanagement."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c"], "versions": [{"version": "490cb412007de593e07c1d3e2b1ec4233886707c", "lessThan": "09040baf8779ad880e0e0d0ea10e57aa929ef3ab", "status": "affected", "versionType": "git"}, {"version": "490cb412007de593e07c1d3e2b1ec4233886707c", "lessThan": "2389ad1990163d29cba5480d693b4c2e31cc545c", "status": "affected", "versionType": "git"}, {"version": "490cb412007de593e07c1d3e2b1ec4233886707c", "lessThan": "9f898fc2c31fbf0ac5ecd289f528a716464cb005", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.30", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.9", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.6.30"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.8.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/09040baf8779ad880e0e0d0ea10e57aa929ef3ab"}, {"url": "https://git.kernel.org/stable/c/2389ad1990163d29cba5480d693b4c2e31cc545c"}, {"url": "https://git.kernel.org/stable/c/9f898fc2c31fbf0ac5ecd289f528a716464cb005"}], "title": "net: bcmasp: fix memory leak when bringing down interface", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:49.040Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/09040baf8779ad880e0e0d0ea10e57aa929ef3ab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2389ad1990163d29cba5480d693b4c2e31cc545c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f898fc2c31fbf0ac5ecd289f528a716464cb005", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35858", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:41:37.023681Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:17.762Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/09040baf8779ad880e0e0d0ea10e57aa929ef3ab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2389ad1990163d29cba5480d693b4c2e31cc545c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f898fc2c31fbf0ac5ecd289f528a716464cb005", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:49.040Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35858", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:41:37.023681Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:15.986Z"}}], "cna": {"title": "net: bcmasp: fix memory leak when bringing down interface", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "490cb412007de593e07c1d3e2b1ec4233886707c", "lessThan": "09040baf8779ad880e0e0d0ea10e57aa929ef3ab", "versionType": "git"}, {"status": "affected", "version": "490cb412007de593e07c1d3e2b1ec4233886707c", "lessThan": "2389ad1990163d29cba5480d693b4c2e31cc545c", "versionType": "git"}, {"status": "affected", "version": "490cb412007de593e07c1d3e2b1ec4233886707c", "lessThan": "9f898fc2c31fbf0ac5ecd289f528a716464cb005", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6"}, {"status": "unaffected", "version": "0", "lessThan": "6.6", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.30", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.9", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/09040baf8779ad880e0e0d0ea10e57aa929ef3ab"}, {"url": "https://git.kernel.org/stable/c/2389ad1990163d29cba5480d693b4c2e31cc545c"}, {"url": "https://git.kernel.org/stable/c/9f898fc2c31fbf0ac5ecd289f528a716464cb005"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmasp: fix memory leak when bringing down interface\n\nWhen bringing down the TX rings we flush the rings but forget to\nreclaimed the flushed packets. This leads to a memory leak since we\ndo not free the dma mapped buffers. This also leads to tx control\nblock corruption when bringing down the interface for power\nmanagement."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:56:43.899Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35858", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:56:43.899Z", "dateReserved": "2024-05-17T13:50:33.106Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T14:47:33.401Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4D9BC34-65C4-4ACE-ABEF-1029C09F30B3", "versionEndExcluding": "6.6.30", "versionStartIncluding": "6.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612", "versionEndExcluding": "6.8.9", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmasp: fix memory leak when bringing down interface\n\nWhen bringing down the TX rings we flush the rings but forget to\nreclaimed the flushed packets. This leads to a memory leak since we\ndo not free the dma mapped buffers. This also leads to tx control\nblock corruption when bringing down the interface for power\nmanagement."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bcmasp: corrige la p\u00e9rdida de memoria al desactivar la interfaz. Al desactivar los anillos TX, los limpiamos pero nos olvidamos de recuperar los paquetes eliminados. Esto provoca una p\u00e9rdida de memoria ya que no liberamos los b\u00fafers asignados por dma. Esto tambi\u00e9n conduce a la corrupci\u00f3n del bloque de control de transmisi\u00f3n al desactivar la interfaz para la administraci\u00f3n de energ\u00eda."}], "id": "CVE-2024-35858", "lastModified": "2024-12-30T18:12:40.047", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-17T15:15:23.313", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/09040baf8779ad880e0e0d0ea10e57aa929ef3ab"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2389ad1990163d29cba5480d693b4c2e31cc545c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f898fc2c31fbf0ac5ecd289f528a716464cb005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/09040baf8779ad880e0e0d0ea10e57aa929ef3ab"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2389ad1990163d29cba5480d693b4c2e31cc545c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f898fc2c31fbf0ac5ecd289f528a716464cb005"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: bcmasp: fix memory leak when bringing down interface", "id": "2281245", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281245"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: bcmasp: fix memory leak when bringing down interface\nWhen bringing down the TX rings we flush the rings but forget to\nreclaimed the flushed packets. This leads to a memory leak since we\ndo not free the dma mapped buffers. This also leads to tx control\nblock corruption when bringing down the interface for power\nmanagement.", "A vulnerability was found in the Linux kernel's bcmasp network driver, which causes a memory leak when an interface is brought down. This issue can lead to memory exhaustion over time, affecting system performance and stability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35858", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35858\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35858\nhttps://lore.kernel.org/linux-cve-announce/2024051742-CVE-2024-35858-1470@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}

{}