CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append

Description

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix a possible memleak in tipc_buf_append

__skb_linearize() doesn't free the skb when it fails, so move
'*buf = NULL' after __skb_linearize(), so that the skb can be
freed on the err path.
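The ordering problem described above, as an added userspace model in C (not the kernel's code and not taken from the patch). `struct buf`, `buf_free()`, `linearize()`, the two `append_*` functions and `leaked_after()` are hypothetical stand-ins, and the model assumes the error path frees whatever `*buf` still points to.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model: struct buf and every function are hypothetical stand-ins. */
struct buf { char data[64]; };
static int live_bufs;                      /* allocated and not yet freed */

/* NULL-safe free, like kfree_skb(). */
static void buf_free(struct buf *b) { if (b) { live_bufs--; free(b); } }
/* Failing __skb_linearize() stand-in: reports an error, does not free b. */
static int linearize(struct buf *b) { (void)b; return -1; }

/* Before the fix: *buf is cleared before the call that can fail. */
static int append_before_fix(struct buf **buf)
{
    struct buf *frag = *buf;
    *buf = NULL;
    if (linearize(frag)) goto err;
    buf_free(frag);                        /* stand-in for consuming frag */
    return 1;
err:
    buf_free(*buf);                        /* *buf is NULL here: frag leaks */
    return 0;
}
/* After the fix: *buf is cleared only once linearize() has succeeded. */
static int append_after_fix(struct buf **buf)
{
    struct buf *frag = *buf;
    if (linearize(frag)) goto err;
    *buf = NULL;
    buf_free(frag);
    return 1;
err:
    buf_free(*buf);                        /* still points at frag: freed */
    *buf = NULL;
    return 0;
}
/* Buffers still allocated after one failed append (-1 if calloc failed). */
static int leaked_after(int (*append)(struct buf **))
{
    struct buf *b = calloc(1, sizeof(*b));
    if (!b) return -1;
    live_bufs = 1;
    append(&b);
    return live_bufs;
}
int main(void)
{
    printf("leaked before fix: %d, after fix: %d\n",
           leaked_after(append_before_fix), leaked_after(append_after_fix));
    return 0;
}
```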

Classification

CVE ID: CVE-2024-36954

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-04 (date on which this score was calculated)

References

https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6
https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae
https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd
https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c
https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e
https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574
https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565
https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d

Timeline