Bug 2272530 (CVE-2024-26655)

Summary: CVE-2024-26655 kernel: posix-clock: memory leak in posix_clock_open()
Product: [Other] Security Response
Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, sidakwo, sukulkar, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: kernel 6.9-rc2
Doc Text:
A vulnerability was found in the posix_clock_open() function of the Linux kernel. When the clk ops.open() function fails while initializing a clock, the allocated resources, such as pccontext, are not released on the error path, resulting in a memory leak. This could lead to gradual depletion of system memory over time.
Bug Depends On: 2272531    

Description Mauro Matteo Cascella 2024-04-01 19:12:16 UTC
In the Linux kernel, the following vulnerability has been resolved:

Fix memory leak in posix_clock_open()

The Linux kernel CVE team has assigned CVE-2024-26655 to this issue.

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024040124-CVE-2024-26655-265a@gregkh/T
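
An added illustration of the leak pattern named in the Doc Text above, not part of the bug report and not kernel source: a userspace C model in which a small fixed pool stands in for system memory, so repeated failed opens visibly starve a later healthy open. All type and function names (`clock_ctx`, `clock_ops`, `open_leaky`, `open_fixed`, `healthy_open_after`) are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace model; every name below is hypothetical, none is a kernel identifier. */
#define POOL_SLOTS 8                                   /* finite "system memory" */
static struct clock_ctx { int in_use; } pool[POOL_SLOTS]; /* per-open contexts */
struct clock_ops { int (*open)(struct clock_ctx *); }; /* driver callback, may fail */
struct file_model { struct clock_ctx *ctx; };          /* the opened file */
typedef int (*open_fn)(const struct clock_ops *, struct file_model *);
static struct clock_ctx *ctx_alloc(void) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;                                       /* pool depleted */
}
static void ctx_free(struct clock_ctx *c) { if (c) c->in_use = 0; }
static int ctx_live(void) {                            /* contexts still allocated */
    int n = 0;
    for (int i = 0; i < POOL_SLOTS; i++) n += pool[i].in_use;
    return n;
}
static int failing_open(struct clock_ctx *c) { (void)c; return -ENODEV; }
/* Leaky pattern: the context is attached only on success and never freed on failure. */
static int open_leaky(const struct clock_ops *ops, struct file_model *f) {
    struct clock_ctx *c = ctx_alloc();
    if (!c) return -ENOMEM;
    int err = ops->open ? ops->open(c) : 0;
    if (!err) f->ctx = c;
    return err;                                        /* on error c is orphaned */
}
static int open_fixed(const struct clock_ops *ops, struct file_model *f) {
    struct clock_ctx *c = ctx_alloc();
    if (!c) return -ENOMEM;
    int err = ops->open ? ops->open(c) : 0;
    if (err) { ctx_free(c); return err; }              /* corrected: release on the error path */
    f->ctx = c;
    return 0;
}
/* Reset the pool, do n failing opens, then return the result of one healthy open. */
static int healthy_open_after(open_fn fn, int n) {
    const struct clock_ops bad = { failing_open }, good = { NULL };
    struct file_model f = { NULL };
    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < n; i++) fn(&bad, &f);
    return fn(&good, &f);
}
int main(void) {
    printf("leaky=%d fixed=%d\n", healthy_open_after(open_leaky, POOL_SLOTS), healthy_open_after(open_fixed, POOL_SLOTS));
    return 0;
}
```

In the leaky variant each failed open permanently consumes one slot, so after `POOL_SLOTS` failures even an open on a working clock returns `-ENOMEM`; the corrected variant leaves the pool untouched by failures.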

Comment 1 Mauro Matteo Cascella 2024-04-01 19:12:53 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2272531]

Comment 2 Alex 2024-06-09 13:19:57 UTC
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2024-26655 is: 	SKIP	The Fixes patch not applied yet, so unlikely that actual: 60c6946675fc06dd2fd2b7a4b6fd1c1f046f1056	YES			NO	NO	unknown (where first YES/NO value means if related sources built).