A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause a denial of service (memory consumption).
It happens if function ccp_init_data(&src) returns error code (that is being called from the ccp_run_aes_gcm_cmd).
This vulnerability is similar with the older CVE-2019-18808 and both with the CVE-2021-3744 (and the patch for the CVE-2021-3744 contains fix for this one too).
TODO: add link to the patch when available
the fixing upstream commit is present since v5.15-rc4 and is:
505d9dcb0f7d ("crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()")