Total vulnerabilities in the database
In the Linux kernel, the following vulnerability has been resolved:
capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to complete the memory allocation of tmpbuf, if we have completed the memory allocation of tmpbuf, but failed to call handler->get(...), there will be a memleak in below logic:
|-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...) | /* ^^^ alloc for tmpbuf */ |-- value = krealloc(xattr_value, error + 1, flags) | / ^^^ alloc memory / |-- error = handler->get(handler, ...) | / error! */ |-- xattr_value = value | / xattr_value is &tmpbuf (memory leak!) */
So we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it.
[PM: subject line and backtrace tweaks]
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 6.1-rc2 | 6.1-rc2.x |
| linux / linux_kernel | 6.1-rc1 | 6.1-rc1.x |
| linux / linux_kernel | 6.1-rc3 | 6.1-rc3.x |
| linux / linux_kernel | 5.5 | 5.10.154 |
| linux / linux_kernel | 5.11 | 5.15.78 |
| linux / linux_kernel | 5.16 | 6.0.8 |
| linux / linux_kernel | 4.20 | 5.4.224 |
| linux / linux_kernel | 4.15 | 4.19.265 |
| linux / linux_kernel | 4.14 | 4.14.299 |