CVE-2024-27388

medium

Description

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.

References

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044

https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8

https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8

https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364

https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69

https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4

https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c

https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3

https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d

Details

Source: Mitre, NVD

Published: 2024-05-01

Updated: 2024-06-27

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium