CVE-2024-27074

media: go7007: fix a memleak in go7007_load_encoder

Description

In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |-> go7007_boot_encoder |-> go7007_load_encoder |-> kfree(go) go is freed and thus bounce is leaked.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7f11dd3d165b178e738fe73dfeea513e383bedb5 patch
https://git.kernel.org/stable/c/291cda0b805fc0d6e90d201710311630c8667159 patch
https://git.kernel.org/stable/c/b49fe84c6cefcc1c2336d793b53442e716c95073 patch
https://git.kernel.org/stable/c/790fa2c04dfb9f095ec372bf17909424d6e864b3 patch
https://git.kernel.org/stable/c/e04d15c8bb3e111dd69f98894acd92d63e87aac3 patch
https://git.kernel.org/stable/c/f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975 patch
https://git.kernel.org/stable/c/d43988a23c32588ccd0c74219637afb96cd78661 patch
https://git.kernel.org/stable/c/7405a0d4442792988e9ae834e7d84f9d163731a4 patch
https://git.kernel.org/stable/c/b9b683844b01d171a72b9c0419a2d760d946ee12 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html patch

Frequently Asked Questions

What is the severity of CVE-2024-27074?
CVE-2024-27074 has been scored as a medium severity vulnerability.
How to fix CVE-2024-27074?
To fix CVE-2024-27074, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27074 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27074 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27074?
CVE-2024-27074 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.