CVE-2024-26839

IB/hfi1: Fix a memleak in init_credit_return

Description

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix a memleak in init_credit_return When dma_alloc_coherent fails to allocate dd->cr_base[i].va, init_credit_return should deallocate dd->cr_base and dd->cr_base[i] that allocated before. Or those resources would be never freed and a memleak is triggered.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3 patch
https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8 patch
https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7 patch
https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25 patch
https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b patch
https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896 patch
https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a patch
https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list

Frequently Asked Questions

What is the severity of CVE-2024-26839?
CVE-2024-26839 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26839?
To fix CVE-2024-26839, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26839 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26839 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26839?
CVE-2024-26839 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.