2300383 – (CVE-2024-41025) CVE-2024-41025 kernel: misc: fastrpc: Fix memory leak in audio daemon attach operation

Bug 2300383 (CVE-2024-41025) - CVE-2024-41025 kernel: misc: fastrpc: Fix memory leak in audio daemon attach operation

Summary: CVE-2024-41025 kernel: misc: fastrpc: Fix memory leak in audio daemon attach ...

Keywords:
Status:	NEW
Alias:	CVE-2024-41025
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2301470
Blocks:
TreeView+	depends on / blocked

Reported:	2024-07-29 15:21 UTC by OSIDB Bzimport
Modified:	2024-09-24 13:38 UTC (History)
CC List:	4 users (show)
Fixed In Version:	kernel 6.6.41, kernel 6.9.10, kernel 6.10
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in the Linux kernel's fastrpc driver where improper memory management leads to the Audio PD daemon not freeing unneeded memory and potentially leading to a memory leak over time.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-07-29 15:21:08 UTC

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: Fix memory leak in audio daemon attach operation

Audio PD daemon send the name as part of the init IOCTL call. This
name needs to be copied to kernel for which memory is allocated.
This memory is never freed which might result in memory leak. Free
the memory when it is not needed.

Comment 1 Mauro Matteo Cascella 2024-07-30 08:29:59 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024072919-CVE-2024-41025-0e03@gregkh/T

Comment 2 Mauro Matteo Cascella 2024-07-30 08:30:18 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2301470]

Note You need to log in before you can comment on or make changes to this bug.