PT-2024-1808 · Linux+2 · Linux Kernel+2
Published 2024-02-11 · Updated 2026-03-14 · CVE-2024-25740
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions through 6.7.4
Description
A memory leak flaw was found in the UBI driver in the Linux kernel, specifically in drivers/mtd/ubi/attach.c, because kobj->name is not released. This issue is related to the UBI_IOCATT ioctl and may allow an attacker to cause a denial of service or other impact.
Recommendations
For Linux kernel versions through 6.7.4, consider updating to a newer version that includes a fix for this issue. As a temporary workaround, restricting access to the vulnerable ubi_attach() function in the UBI driver may help minimize the risk of exploitation.
Fix
Memory Leak
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Linux Kernel