{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41025", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.615Z", "datePublished": "2024-07-29T14:31:42.275Z", "dateUpdated": "2024-09-11T17:34:04.602Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T14:31:42.275Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix memory leak in audio daemon attach operation\n\nAudio PD daemon send the name as part of the init IOCTL call. This\nname needs to be copied to kernel for which memory is allocated.\nThis memory is never freed which might result in memory leak. Free\nthe memory when it is not needed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/misc/fastrpc.c"], "versions": [{"version": "0871561055e6", "lessThan": "8b8b82dcf393", "status": "affected", "versionType": "git"}, {"version": "0871561055e6", "lessThan": "dbf4c31c9b03", "status": "affected", "versionType": "git"}, {"version": "0871561055e6", "lessThan": "ad0bd973a033", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/misc/fastrpc.c"], "versions": [{"version": "6.2", "status": "affected"}, {"version": "0", "lessThan": "6.2", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.41", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2"}, {"url": "https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64"}, {"url": "https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e"}], "title": "misc: fastrpc: Fix memory leak in audio daemon attach operation", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.182Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41025", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:12.469695Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:04.602Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.182Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41025", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:12.469695Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.511Z"}}], "cna": {"title": "misc: fastrpc: Fix memory leak in audio daemon attach operation", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0871561055e6", "lessThan": "8b8b82dcf393", "versionType": "git"}, {"status": "affected", "version": "0871561055e6", "lessThan": "dbf4c31c9b03", "versionType": "git"}, {"status": "affected", "version": "0871561055e6", "lessThan": "ad0bd973a033", "versionType": "git"}], "programFiles": ["drivers/misc/fastrpc.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.2"}, {"status": "unaffected", "version": "0", "lessThan": "6.2", "versionType": "custom"}, {"status": "unaffected", "version": "6.6.41", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.10", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/misc/fastrpc.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2"}, {"url": "https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64"}, {"url": "https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix memory leak in audio daemon attach operation\n\nAudio PD daemon send the name as part of the init IOCTL call. This\nname needs to be copied to kernel for which memory is allocated.\nThis memory is never freed which might result in memory leak. Free\nthe memory when it is not needed."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T14:31:42.275Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41025", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:04.602Z", "dateReserved": "2024-07-12T12:17:45.615Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:31:42.275Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix memory leak in audio daemon attach operation\n\nAudio PD daemon send the name as part of the init IOCTL call. This\nname needs to be copied to kernel for which memory is allocated.\nThis memory is never freed which might result in memory leak. Free\nthe memory when it is not needed."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: corrige la p\u00e9rdida de memoria en la operaci\u00f3n de conexi\u00f3n del daemon de audio. El daemon PD de audio env\u00eda el nombre como parte de la llamada init IOCTL. Este nombre debe copiarse en el kernel para el que se asigna la memoria. Esta memoria nunca se libera, lo que podr\u00eda provocar una p\u00e9rdida de memoria. Libera la memoria cuando no sea necesaria."}], "id": "CVE-2024-41025", "lastModified": "2024-07-29T16:21:52.517", "metrics": {}, "published": "2024-07-29T15:15:11.343", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8b8b82dcf393ceaca8c88939338fd4c30b5b11b2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ad0bd973a033003ca578c42a760d1dc77aeea15e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dbf4c31c9b039fd9734da156036492a2a7f78f64"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: misc: fastrpc: Fix memory leak in audio daemon attach operation", "id": "2300383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300383"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmisc: fastrpc: Fix memory leak in audio daemon attach operation\nAudio PD daemon send the name as part of the init IOCTL call. This\nname needs to be copied to kernel for which memory is allocated.\nThis memory is never freed which might result in memory leak. Free\nthe memory when it is not needed."], "name": "CVE-2024-41025", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41025\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41025\nhttps://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41025-0e03@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.6.41, kernel 6.9.10, kernel 6.10"}