CVE-2024-27388

SUNRPC: fix some memleaks in gssx_dec_option_array

Description

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364 patch
https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8 patch
https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8 patch
https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044 patch
https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c patch
https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3 patch
https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4 patch
https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69 patch
https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list

Frequently Asked Questions

What is the severity of CVE-2024-27388?
CVE-2024-27388 has been scored as a medium severity vulnerability.
How to fix CVE-2024-27388?
To fix CVE-2024-27388, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27388 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27388 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27388?
CVE-2024-27388 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.