CVE-2024-43871: devres: Fix memory leakage caused by driver API devm_free_percpu()

Published Aug 21, 2024
·
Updated

devres: Fix memory leakage caused by driver API devmfreepercpu()

Other sources

Linux Kernel is vulnerable to a denial of service, caused by a memory leakage when using driver API devmfreepercpu(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

IBM

Affected Software

16 affected componentsFixes available
Linux Linux kernel>=4.10<4.19.320
Linux Linux kernel>=4.20<5.4.282
Linux Linux kernel>=5.5<5.10.224
Linux Linux kernel>=5.11<5.15.165
Linux Linux kernel>=5.16<6.1.103
Linux Linux kernel>=6.2<6.6.44
Linux Linux kernel>=6.7<6.10.3
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux<=5.10.223-1
5.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1
Microsoft cbl2 kernel 5.15.167.1-1
Patch available
Microsoft cbl2 kernel 5.15.164.1-1
Patch available
Microsoft cbl2 kernel 5.15.164.1-1
Patch available

Remediation

Patch Available

https://git.kernel.org/stable/c/3047f99caec240a88ccd06197af2868da1af6a96

Patch Available

https://git.kernel.org/stable/c/3dcd0673e47664bc6c719ad47dadac6d55d5950d

Patch Available

https://git.kernel.org/stable/c/700e8abd65b10792b2f179ce4e858f2ca2880f85

Patch Available

https://git.kernel.org/stable/c/95065edb8ebb27771d5f1e898eef6ab43dc6c87c

Patch Available

https://git.kernel.org/stable/c/b044588a16a978cd891cb3d665dd7ae06850d5bf

Patch Available

https://git.kernel.org/stable/c/b67552d7c61f52f1271031adfa7834545ae99701

Patch Available

https://git.kernel.org/stable/c/bd50a974097bb82d52a458bd3ee39fb723129a0c

Patch Available

https://git.kernel.org/stable/c/ef56dcdca8f2a53abc3a83d388b8336447533d85

Event History

Aug 21, 2024
CVE Published
via MITRE·12:06 AM
Data Sourced
via MITRE·12:06 AM
Description
Data Sourced
via NVD·01:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
Oct 12, 2024
Data Sourced
via Microsoft·07:00 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
SeverityAffected Software
Updated
via Microsoft·07:00 AM
DescriptionSeverity
May 13, 2025
Data Sourced
via Ubuntu·12:38 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-43871?

CVE-2024-43871 has a severity rating that indicates a risk of memory leakage in the Linux kernel due to improper handling of memory deallocation.

2

How do I fix CVE-2024-43871?

To fix CVE-2024-43871, ensure that you are using a patched version of the Linux kernel, such as 5.10.226-1, 6.1.123-1, or any later version.

3

What systems are affected by CVE-2024-43871?

CVE-2024-43871 affects various versions of the Linux kernel including those in the ranges from 4.10 to 6.10.3.

4

Is there a risk of exploitation for CVE-2024-43871?

Yes, CVE-2024-43871 could potentially be exploited, leading to performance degradation due to memory leakage.

5

What components does CVE-2024-43871 affect in the Linux kernel?

CVE-2024-43871 affects the driver API specifically related to memory allocation functions, particularly devm_free_percpu() and devm_alloc_percpu().

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203