CVE-2024-26655 - Vulnerability Details - OpenCVE

ReportizFlow

In the Linux kernel, the following vulnerability has been resolved: Fix memory leak in posix_clock_open() If the clk ops.open() function returns an error, we don't release the pccontext we allocated for this clock. Re-organize the code slightly to make it all more obvious.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0200dd7ed2335469955d7e69cc1a6fa7df1f3847
https://git.kernel.org/stable/c/5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8
https://git.kernel.org/stable/c/a88649b49523e8cbe95254440d803e38c19d2341
https://lore.kernel.org/linux-cve-announce/2024040124-CVE-2024-26655-265a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26655
https://www.cve.org/CVERecord?id=CVE-2024-26655

History

Tue, 05 Nov 2024 10:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-01T14:58:20.433Z

Updated: 2024-12-19T08:44:24.490Z

Reserved: 2024-02-19T14:20:24.144Z

Link: CVE-2024-26655

Vulnrichment

Updated: 2024-08-02T00:07:19.745Z

NVD

Status : Awaiting Analysis

Published: 2024-04-01T15:15:49.910

Modified: 2024-11-21T09:02:46.583

Link: CVE-2024-26655

Redhat

Severity : Moderate

Publid Date: 2024-04-01T00:00:00Z

Links: CVE-2024-26655 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26655", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.144Z", "datePublished": "2024-04-01T14:58:20.433Z", "dateUpdated": "2024-12-19T08:44:24.490Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:44:24.490Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nFix memory leak in posix_clock_open()\n\nIf the clk ops.open() function returns an error, we don't release the\npccontext we allocated for this clock.\n\nRe-organize the code slightly to make it all more obvious."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/time/posix-clock.c"], "versions": [{"version": "60c6946675fc06dd2fd2b7a4b6fd1c1f046f1056", "lessThan": "a88649b49523e8cbe95254440d803e38c19d2341", "status": "affected", "versionType": "git"}, {"version": "60c6946675fc06dd2fd2b7a4b6fd1c1f046f1056", "lessThan": "0200dd7ed2335469955d7e69cc1a6fa7df1f3847", "status": "affected", "versionType": "git"}, {"version": "60c6946675fc06dd2fd2b7a4b6fd1c1f046f1056", "lessThan": "5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/time/posix-clock.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/a88649b49523e8cbe95254440d803e38c19d2341"}, {"url": "https://git.kernel.org/stable/c/0200dd7ed2335469955d7e69cc1a6fa7df1f3847"}, {"url": "https://git.kernel.org/stable/c/5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8"}], "title": "Fix memory leak in posix_clock_open()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.745Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a88649b49523e8cbe95254440d803e38c19d2341", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0200dd7ed2335469955d7e69cc1a6fa7df1f3847", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26655", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:53:56.313860Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:41.776Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a88649b49523e8cbe95254440d803e38c19d2341", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0200dd7ed2335469955d7e69cc1a6fa7df1f3847", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.745Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26655", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:53:56.313860Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:18.200Z"}}], "cna": {"title": "Fix memory leak in posix_clock_open()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "60c6946675fc06dd2fd2b7a4b6fd1c1f046f1056", "lessThan": "a88649b49523e8cbe95254440d803e38c19d2341", "versionType": "git"}, {"status": "affected", "version": "60c6946675fc06dd2fd2b7a4b6fd1c1f046f1056", "lessThan": "0200dd7ed2335469955d7e69cc1a6fa7df1f3847", "versionType": "git"}, {"status": "affected", "version": "60c6946675fc06dd2fd2b7a4b6fd1c1f046f1056", "lessThan": "5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8", "versionType": "git"}], "programFiles": ["kernel/time/posix-clock.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.7"}, {"status": "unaffected", "version": "0", "lessThan": "6.7", "versionType": "semver"}, {"status": "unaffected", "version": "6.7.12", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/time/posix-clock.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/a88649b49523e8cbe95254440d803e38c19d2341"}, {"url": "https://git.kernel.org/stable/c/0200dd7ed2335469955d7e69cc1a6fa7df1f3847"}, {"url": "https://git.kernel.org/stable/c/5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nFix memory leak in posix_clock_open()\n\nIf the clk ops.open() function returns an error, we don't release the\npccontext we allocated for this clock.\n\nRe-organize the code slightly to make it all more obvious."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:44:24.490Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26655", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:44:24.490Z", "dateReserved": "2024-02-19T14:20:24.144Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-01T14:58:20.433Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: posix-clock: memory leak in posix_clock_open()", "id": "2272530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272530"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nFix memory leak in posix_clock_open()\nIf the clk ops.open() function returns an error, we don't release the\npccontext we allocated for this clock.\nRe-organize the code slightly to make it all more obvious.", "A vulnerability was found in the posix_clock_open() function of Linux Kernel, where failure of the clk ops.open() function initialize a clock results in a memory leak, when the allocated resources, such as pccontext were not properly released upon encountering errors during clock initialization, this could lead to gradual depletion of system memory resources over time."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2024-26655", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26655\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26655\nhttps://lore.kernel.org/linux-cve-announce/2024040124-CVE-2024-26655-265a@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.9-rc2"}