CVE-2024-56710

ceph: fix memory leak in ceph_direct_read_write()

Description

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_direct_read_write() The bvecs array which is allocated in iter_get_bvecs_alloc() is leaked and pages remain pinned if ceph_alloc_sparse_ext_map() fails. There is no need to delay the allocation of sparse_ext map until after the bvecs array is set up, so fix this by moving sparse_ext allocation a bit earlier. Also, make a similar adjustment in __ceph_sync_read() for consistency (a leak of the same kind in __ceph_sync_read() has been addressed differently).

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/44e518abbb498075ae85c7d1d1a503a6bb05ea2d patch
https://git.kernel.org/stable/c/eb9041837123f31d5897e99bb761f46cb4ce5859 patch
https://git.kernel.org/stable/c/66e0c4f91461d17d48071695271c824620bed4ef patch

Frequently Asked Questions

What is the severity of CVE-2024-56710?
CVE-2024-56710 has been scored as a medium severity vulnerability.
How to fix CVE-2024-56710?
To fix CVE-2024-56710, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-56710 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-56710 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-56710?
CVE-2024-56710 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.