CVE-2024-35972

low-risk

Published 2024-05-20

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly immediately after allocation.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/10a9d6a7513f93d7faffcb341af0aa42be8218fe

Patch https://git.kernel.org/stable/c/7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff

Patch https://git.kernel.org/stable/c/c60ed825530b8c0cc2b524efd39b1d696ec54004

Patch https://git.kernel.org/stable/c/10a9d6a7513f93d7faffcb341af0aa42be8218fe

Patch https://git.kernel.org/stable/c/7ac10c7d728d75bc9daaa8fade3c7a3273b9a9ff

Patch https://git.kernel.org/stable/c/c60ed825530b8c0cc2b524efd39b1d696ec54004

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal