PT-2024-35649 · Linux+4 · Linux Kernel+4

Published

2024-10-16

·

Updated

2025-10-03

·

CVE-2024-53202

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A possible resource leak has been identified in the firmware loader of the Linux kernel, specifically in the fw log firmware info() function. The alg instance should be released under the exception path to prevent a resource leak. To mitigate this issue, the alg instance should be freed with crypto free shash when kmalloc fails.
Recommendations To resolve this issue, ensure that the alg instance is properly released in the exception path by freeing it with crypto free shash when kmalloc fails. As a temporary workaround, consider implementing proper error handling to prevent resource leaks when kmalloc fails. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17893
ALT-PU-2025-12647
AZL-55506
BDU:2025-07867
CVE-2024-53202
OESA-2025-1032
OESA-2025-1036
OPENSUSE-SU-2025_0117-1
OPENSUSE-SU-2025_0153-1
OPENSUSE-SU-2025_0154-1
SUSE-SU-2025:0117-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu