CVE-2024-27073

media: ttpci: fix two memleaks in budget_av_attach

Description

In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init does. Besides, there are two fixme comment refers to such deallocations.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Third-Party Advisory debian.org
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016 patch
https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b patch
https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb patch
https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0 patch
https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06 patch
https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63 patch
https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa797ac3c patch
https://git.kernel.org/stable/c/d0b07f712bf61e1a3cf23c87c663791c42e50837 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-27073?
CVE-2024-27073 has been scored as a medium severity vulnerability.
How to fix CVE-2024-27073?
To fix CVE-2024-27073, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27073 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27073 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27073?
CVE-2024-27073 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.