CVE-2024-26894
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/04/2024
Last modified:
12/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()<br />
<br />
After unregistering the CPU idle device, the memory associated with<br />
it is not freed, leading to a memory leak:<br />
<br />
unreferenced object 0xffff896282f6c000 (size 1024):<br />
comm "swapper/0", pid 1, jiffies 4294893170<br />
hex dump (first 32 bytes):<br />
00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................<br />
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br />
backtrace (crc 8836a742):<br />
[] kmalloc_trace+0x29d/0x340<br />
[] acpi_processor_power_init+0xf3/0x1c0<br />
[] __acpi_processor_start+0xd3/0xf0<br />
[] acpi_processor_start+0x2c/0x50<br />
[] really_probe+0xe2/0x480<br />
[] __driver_probe_device+0x78/0x160<br />
[] driver_probe_device+0x1f/0x90<br />
[] __driver_attach+0xce/0x1c0<br />
[] bus_for_each_dev+0x70/0xc0<br />
[] bus_add_driver+0x112/0x210<br />
[] driver_register+0x55/0x100<br />
[] acpi_processor_driver_init+0x3b/0xc0<br />
[] do_one_initcall+0x41/0x300<br />
[] kernel_init_freeable+0x320/0x470<br />
[] kernel_init+0x16/0x1b0<br />
[] ret_from_fork+0x2d/0x50<br />
<br />
Fix this by freeing the CPU idle device after unregistering it.
Impact
Base Score 3.x
6.00
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.7 (including) | 4.19.311 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.273 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.214 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.153 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.83 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.23 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.8 (including) | 6.8.2 (excluding) |
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2
- https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc
- https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e
- https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5
- https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9
- https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa
- https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51
- https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d
- https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8
- https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2
- https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc
- https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e
- https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5
- https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9
- https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa
- https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51
- https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d
- https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html