CVE-2024-38617

low-risk
Published 2024-06-19

In the Linux kernel, the following vulnerability has been resolved: kunit/fortify: Fix mismatched kvalloc()/vfree() usage The kv*() family of tests were accidentally freeing with vfree() instead of kvfree(). Use kvfree() instead.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Linux

References (8)

Patch https://git.kernel.org/stable/c/03758d5a0932016b6d5f5bfbca580177e6bc937a
Patch https://git.kernel.org/stable/c/42d21c9727028fe7ee392223ba127484b1b8677e
Patch https://git.kernel.org/stable/c/7880dbf4eafe22a6a41a42e774f1122c814ed02d
Patch https://git.kernel.org/stable/c/998b18072ceb0613629c256b409f4d299829c7ec
Patch https://git.kernel.org/stable/c/03758d5a0932016b6d5f5bfbca580177e6bc937a
Patch https://git.kernel.org/stable/c/42d21c9727028fe7ee392223ba127484b1b8677e
Patch https://git.kernel.org/stable/c/7880dbf4eafe22a6a41a42e774f1122c814ed02d
Patch https://git.kernel.org/stable/c/998b18072ceb0613629c256b409f4d299829c7ec
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal