{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50068", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T19:36:19.939Z", "datePublished": "2024-10-29T00:50:08.897Z", "dateUpdated": "2024-11-05T09:54:25.333Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:54:25.333Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()\n\nThe sysfs_target->regions allocated in damon_sysfs_regions_alloc() is not\nfreed in damon_sysfs_test_add_targets(), which cause the following memory\nleak, free it to fix it.\n\n\tunreferenced object 0xffffff80c2a8db80 (size 96):\n\t comm \"kunit_try_catch\", pid 187, jiffies 4294894363\n\t hex dump (first 32 bytes):\n\t 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n\t 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n\t backtrace (crc 0):\n\t [<0000000001e3714d>] kmemleak_alloc+0x34/0x40\n\t [<000000008e6835c1>] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [<000000001286d9f8>] damon_sysfs_test_add_targets+0x1cc/0x738\n\t [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac\n\t [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [<00000000adf936cf>] kthread+0x2e8/0x374\n\t [<0000000041bb1628>] ret_from_fork+0x10/0x20"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/damon/tests/sysfs-kunit.h"], "versions": [{"version": "b8ee5575f763", "lessThan": "05d43455f6bf", "status": "affected", "versionType": "git"}, {"version": "b8ee5575f763", "lessThan": "2d6a1c835685", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/damon/tests/sysfs-kunit.h"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.5", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/05d43455f6bffa6abc7b937ca58be00452e6973f"}, {"url": "https://git.kernel.org/stable/c/2d6a1c835685de3b0c8e8dc871f60f4ef92ab01a"}], "title": "mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()", "x_generator": {"engine": "bippy-9e1c9544281a"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC", "versionEndExcluding": "6.11.5", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()\n\nThe sysfs_target->regions allocated in damon_sysfs_regions_alloc() is not\nfreed in damon_sysfs_test_add_targets(), which cause the following memory\nleak, free it to fix it.\n\n\tunreferenced object 0xffffff80c2a8db80 (size 96):\n\t comm \"kunit_try_catch\", pid 187, jiffies 4294894363\n\t hex dump (first 32 bytes):\n\t 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n\t 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n\t backtrace (crc 0):\n\t [<0000000001e3714d>] kmemleak_alloc+0x34/0x40\n\t [<000000008e6835c1>] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [<000000001286d9f8>] damon_sysfs_test_add_targets+0x1cc/0x738\n\t [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac\n\t [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [<00000000adf936cf>] kthread+0x2e8/0x374\n\t [<0000000041bb1628>] ret_from_fork+0x10/0x20"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/damon/tests/sysfs-kunit.h: corrige p\u00e9rdida de memoria en damon_sysfs_test_add_targets(). La regi\u00f3n sysfs_target-&gt;regions asignada en damon_sysfs_regions_alloc() no se libera en damon_sysfs_test_add_targets(), lo que causa la siguiente p\u00e9rdida de memoria; lib\u00e9rela para corregirla. objeto sin referencia 0xffffff80c2a8db80 (tama\u00f1o 96): comm \"kunit_try_catch\", pid 187, jiffies 4294894363 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): [&lt;0000000001e3714d&gt;] kmemleak_alloc+0x34/0x40 [&lt;000000008e6835c1&gt;] __kmalloc_cache_noprof+0x26c/0x2f4 [&lt;000000001286d9f8&gt;] damon_sysfs_test_add_targets+0x1cc/0x738 [&lt;0000000032ef8f77&gt;] kunit_try_run_case+0x13c/0x3ac [&lt;00000000f3edea23&gt;] kunit_generic_run_threadfn_adapter+0x80/0xec [&lt;00000000adf936cf&gt;] kthread+0x2e8/0x374 [&lt;0000000041bb1628&gt;] ret_from_fork+0x10/0x20"}], "id": "CVE-2024-50068", "lastModified": "2024-10-30T16:57:35.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-29T01:15:04.107", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/05d43455f6bffa6abc7b937ca58be00452e6973f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2d6a1c835685de3b0c8e8dc871f60f4ef92ab01a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()", "id": "2322305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322305"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()\nThe sysfs_target->regions allocated in damon_sysfs_regions_alloc() is not\nfreed in damon_sysfs_test_add_targets(), which cause the following memory\nleak, free it to fix it.\nunreferenced object 0xffffff80c2a8db80 (size 96):\ncomm \"kunit_try_catch\", pid 187, jiffies 4294894363\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace (crc 0):\n[<0000000001e3714d>] kmemleak_alloc+0x34/0x40\n[<000000008e6835c1>] __kmalloc_cache_noprof+0x26c/0x2f4\n[<000000001286d9f8>] damon_sysfs_test_add_targets+0x1cc/0x738\n[<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac\n[<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec\n[<00000000adf936cf>] kthread+0x2e8/0x374\n[<0000000041bb1628>] ret_from_fork+0x10/0x20"], "name": "CVE-2024-50068", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-50068\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50068\nhttps://lore.kernel.org/linux-cve-announce/2024102930-CVE-2024-50068-2e3c@gregkh/T"], "threat_severity": "Moderate"}