SB2024123006 - Memory leak in Linux kernel pci driver
Published: December 30, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024123006
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2024-56745)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the reset_method_store() function in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2985b1844f3f3447f2d938eff1ef6762592065a5
- https://git.kernel.org/stable/c/403efb4457c0c8f8f51e904cc57d39193780c6bd
- https://git.kernel.org/stable/c/543d0eb40e45c6a51f1bff02f417b602e54472d5
- https://git.kernel.org/stable/c/8e098baf6bc3f3a6aefc383509aba07e202f7ee0
- https://git.kernel.org/stable/c/931d07ccffcc3614f20aaf602b31e89754e21c59
- https://git.kernel.org/stable/c/fe6fae61f3b993160aef5fe2b7141a83872c144f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.2