CVE-2024-27388

low-risk
Published 2024-05-01

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.

Do I need to act?

-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Affected Vendors

Debian Linux

References (20)

Patch https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d
Patch https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3
Patch https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c
Patch https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4
Patch https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69
Patch https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364
Patch https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8
Patch https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8
Patch https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044
Patch https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d
Patch https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3
Patch https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c
Patch https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4
Patch https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69
Patch https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364
Patch https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8
Patch https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8
Patch https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044
Mailing List https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Mailing List https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
25
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low