Main Vulnerability Database SB2024123018

SB2024123018 - Memory leak in Linux kernel iommu iommufd driver

Published: December 30, 2024 Updated: May 12, 2025

Security Bulletin ID SB2024123018

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2024-56624)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the put_unused_fd() function in drivers/iommu/iommufd/fault.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/2b3f30c8edbf9a122ce01f13f0f41fbca5f1d41d
https://git.kernel.org/stable/c/af7f4780514f850322b2959032ecaa96e4b26472
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.5
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13