CVE-2024-38632 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix potential memory leak in vfio_intx_enable() If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376
https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140
https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2
https://git.kernel.org/stable/c/91ced077db2062604ec270b1046f8337e9090079
https://git.kernel.org/stable/c/a6d810554d7d9d07041f14c5fcd453f3d3fed594
https://lore.kernel.org/linux-cve-announce/2024062142-CVE-2024-38632-eaf6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-38632
https://www.cve.org/CVERecord?id=CVE-2024-38632

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00047}`	epss `{'score': 0.00049}`

Wed, 13 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Thu, 17 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 17 Oct 2024 14:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/91ced077db2062604ec270b1046f8337e9090079 https://git.kernel.org/stable/c/a6d810554d7d9d07041f14c5fcd453f3d3fed594

Thu, 12 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 09 Sep 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-21T10:18:22.236Z

Updated: 2025-05-04T12:56:55.296Z

Reserved: 2024-06-18T19:36:34.947Z

Link: CVE-2024-38632

Vulnrichment

Updated: 2024-08-02T04:12:26.012Z

NVD

Status : Modified

Published: 2024-06-21T11:15:11.960

Modified: 2024-11-21T09:26:32.187

Link: CVE-2024-38632

Redhat

Severity : Low

Publid Date: 2024-06-21T00:00:00Z

Links: CVE-2024-38632 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38632", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.947Z", "datePublished": "2024-06-21T10:18:22.236Z", "dateUpdated": "2025-05-04T12:56:55.296Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:56:55.296Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: fix potential memory leak in vfio_intx_enable()\n\nIf vfio_irq_ctx_alloc() failed will lead to 'name' memory leak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vfio/pci/vfio_pci_intrs.c"], "versions": [{"version": "4cb0d7532126d23145329826c38054b4e9a05e7c", "lessThan": "a6d810554d7d9d07041f14c5fcd453f3d3fed594", "status": "affected", "versionType": "git"}, {"version": "7d29d4c72c1e196cce6969c98072a272d1a703b3", "lessThan": "91ced077db2062604ec270b1046f8337e9090079", "status": "affected", "versionType": "git"}, {"version": "69276a555c740acfbff13fb5769ee9c92e1c828e", "lessThan": "0bd22a4966d55f1d2c127a53300d5c2b50152376", "status": "affected", "versionType": "git"}, {"version": "18c198c96a815c962adc2b9b77909eec0be7df4d", "lessThan": "35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140", "status": "affected", "versionType": "git"}, {"version": "18c198c96a815c962adc2b9b77909eec0be7df4d", "lessThan": "82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2", "status": "affected", "versionType": "git"}, {"version": "b18fa894d615c8527e15d96b76c7448800e13899", "status": "affected", "versionType": "git"}, {"version": "27d40bf72dd9a6600b76ad05859176ea9a1b4897", "status": "affected", "versionType": "git"}, {"version": "4c089cefe30924fbe20dd1ee92774ea1f5eca834", "status": "affected", "versionType": "git"}, {"version": "0e09cf81959d9f12b75ad5c6dd53d237432ed034", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vfio/pci/vfio_pci_intrs.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.4", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.154", "versionEndExcluding": "5.15.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.84", "versionEndExcluding": "6.1.113"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.24", "versionEndExcluding": "6.6.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.9.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.274"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.215"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a6d810554d7d9d07041f14c5fcd453f3d3fed594"}, {"url": "https://git.kernel.org/stable/c/91ced077db2062604ec270b1046f8337e9090079"}, {"url": "https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376"}, {"url": "https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140"}, {"url": "https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2"}], "title": "vfio/pci: fix potential memory leak in vfio_intx_enable()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:26.012Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38632", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:09:02.671800Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:44.469Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:26.012Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38632", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:09:02.671800Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:25.499Z"}}], "cna": {"title": "vfio/pci: fix potential memory leak in vfio_intx_enable()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4cb0d7532126d23145329826c38054b4e9a05e7c", "lessThan": "a6d810554d7d9d07041f14c5fcd453f3d3fed594", "versionType": "git"}, {"status": "affected", "version": "7d29d4c72c1e196cce6969c98072a272d1a703b3", "lessThan": "91ced077db2062604ec270b1046f8337e9090079", "versionType": "git"}, {"status": "affected", "version": "69276a555c740acfbff13fb5769ee9c92e1c828e", "lessThan": "0bd22a4966d55f1d2c127a53300d5c2b50152376", "versionType": "git"}, {"status": "affected", "version": "18c198c96a815c962adc2b9b77909eec0be7df4d", "lessThan": "35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140", "versionType": "git"}, {"status": "affected", "version": "18c198c96a815c962adc2b9b77909eec0be7df4d", "lessThan": "82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2", "versionType": "git"}, {"status": "affected", "version": "b18fa894d615c8527e15d96b76c7448800e13899", "versionType": "git"}, {"status": "affected", "version": "27d40bf72dd9a6600b76ad05859176ea9a1b4897", "versionType": "git"}, {"status": "affected", "version": "4c089cefe30924fbe20dd1ee92774ea1f5eca834", "versionType": "git"}, {"status": "affected", "version": "0e09cf81959d9f12b75ad5c6dd53d237432ed034", "versionType": "git"}], "programFiles": ["drivers/vfio/pci/vfio_pci_intrs.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.9"}, {"status": "unaffected", "version": "0", "lessThan": "6.9", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.168", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.113", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.4", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/vfio/pci/vfio_pci_intrs.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/a6d810554d7d9d07041f14c5fcd453f3d3fed594"}, {"url": "https://git.kernel.org/stable/c/91ced077db2062604ec270b1046f8337e9090079"}, {"url": "https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376"}, {"url": "https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140"}, {"url": "https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: fix potential memory leak in vfio_intx_enable()\n\nIf vfio_irq_ctx_alloc() failed will lead to 'name' memory leak."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.15.154"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.113", "versionStartIncluding": "6.1.84"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.33", "versionStartIncluding": "6.6.24"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.4", "versionStartIncluding": "6.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "6.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "5.4.274"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "5.10.215"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "6.7.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "6.8.3"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:56:55.296Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38632", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:56:55.296Z", "dateReserved": "2024-06-18T19:36:34.947Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-21T10:18:22.236Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB888D1C-4D37-4664-917F-4DAA7558AD9D", "versionEndExcluding": "6.6.33", "versionStartIncluding": "6.6.24", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A500F935-F0ED-4DC7-AD02-9D7C365D13AE", "versionEndExcluding": "6.9.4", "versionStartIncluding": "6.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: fix potential memory leak in vfio_intx_enable()\n\nIf vfio_irq_ctx_alloc() failed will lead to 'name' memory leak."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vfio/pci: corrige una posible p\u00e9rdida de memoria en vfio_intx_enable() Si falla vfio_irq_ctx_alloc(), se producir\u00e1 una p\u00e9rdida de memoria del 'nombre'."}], "id": "CVE-2024-38632", "lastModified": "2024-11-21T09:26:32.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-21T11:15:11.960", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/91ced077db2062604ec270b1046f8337e9090079"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a6d810554d7d9d07041f14c5fcd453f3d3fed594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0bd22a4966d55f1d2c127a53300d5c2b50152376"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: vfio/pci: fix potential memory leak in vfio_intx_enable()", "id": "2293696", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293696"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L", "status": "verified"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvfio/pci: fix potential memory leak in vfio_intx_enable()\nIf vfio_irq_ctx_alloc() failed will lead to 'name' memory leak."], "name": "CVE-2024-38632", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38632\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38632\nhttps://lore.kernel.org/linux-cve-announce/2024062142-CVE-2024-38632-eaf6@gregkh/T"], "threat_severity": "Low"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object