CVE-2024-35828

wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer().

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186 patch
https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf patch
https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7 patch
https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2 patch
https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9 patch
https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3 patch
https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23edabaf591 patch
https://git.kernel.org/stable/c/8e243ac649c10922a6b4855170eaefe4c5b3faab patch
https://git.kernel.org/stable/c/5f0e4aede01cb01fa633171f0533affd25328c3a patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list

Frequently Asked Questions

What is the severity of CVE-2024-35828?
CVE-2024-35828 has been scored as a medium severity vulnerability.
How to fix CVE-2024-35828?
To fix CVE-2024-35828, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35828 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-35828 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35828?
CVE-2024-35828 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.