CVE-2024-35833

dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor in the error handling path of fsl_qdma_probe(). Switch to the managed version to fix both issues.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Third-Party Advisory debian.org
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8 patch
https://git.kernel.org/stable/c/ae6769ba51417c1c86fb645812d5bff455eee802 patch
https://git.kernel.org/stable/c/15eb996d7d13cb72a16389231945ada8f0fef2c3 patch
https://git.kernel.org/stable/c/25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59 patch
https://git.kernel.org/stable/c/5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6 patch
https://git.kernel.org/stable/c/198270de9d8eb3b5d5f030825ea303ef95285d24 patch
https://git.kernel.org/stable/c/3aa58cb51318e329d203857f7a191678e60bb714 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-35833?
CVE-2024-35833 has been scored as a medium severity vulnerability.
How to fix CVE-2024-35833?
To fix CVE-2024-35833, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35833 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-35833 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35833?
CVE-2024-35833 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.