CVE-2024-56712

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> udmabuf: fix memory leak on last export_udmabuf() error path<br /> <br /> In export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a<br /> dma_buf owning the udmabuf has already been created; but the error handling<br /> in udmabuf_create() will tear down the udmabuf without doing anything about<br /> the containing dma_buf.<br /> <br /> This leaves a dma_buf in memory that contains a dangling pointer; though<br /> that doesn&amp;#39;t seem to lead to anything bad except a memory leak.<br /> <br /> Fix it by moving the dma_buf_fd() call out of export_udmabuf() so that we<br /> can give it different error handling.<br /> <br /> Note that the shape of this code changed a lot in commit 5e72b2b41a21<br /> ("udmabuf: convert udmabuf driver to use folios"); but the memory leak<br /> seems to have existed since the introduction of udmabuf.