{ "threat_severity" : "Low", "public_date" : "2024-04-17T00:00:00Z", "bugzilla" : { "description" : "kernel: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()", "id" : "2275661", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2275661" }, "cvss3" : { "cvss3_base_score" : "6.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-401", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()\nAfter unregistering the CPU idle device, the memory associated with\nit is not freed, leading to a memory leak:\nunreferenced object 0xffff896282f6c000 (size 1024):\ncomm \"swapper/0\", pid 1, jiffies 4294893170\nhex dump (first 32 bytes):\n00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace (crc 8836a742):\n[] kmalloc_trace+0x29d/0x340\n[] acpi_processor_power_init+0xf3/0x1c0\n[] __acpi_processor_start+0xd3/0xf0\n[] acpi_processor_start+0x2c/0x50\n[] really_probe+0xe2/0x480\n[] __driver_probe_device+0x78/0x160\n[] driver_probe_device+0x1f/0x90\n[] __driver_attach+0xce/0x1c0\n[] bus_for_each_dev+0x70/0xc0\n[] bus_add_driver+0x112/0x210\n[] driver_register+0x55/0x100\n[] acpi_processor_driver_init+0x3b/0xc0\n[] do_one_initcall+0x41/0x300\n[] kernel_init_freeable+0x320/0x470\n[] kernel_init+0x16/0x1b0\n[] ret_from_fork+0x2d/0x50\nFix this by freeing the CPU idle device after unregistering it." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:7001", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:7000", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.22.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-03-05T00:00:00Z", "advisory" : "RHSA-2025:2270", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "kernel-0:5.14.0-427.57.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26894\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26894\nhttps://lore.kernel.org/linux-cve-announce/2024041743-CVE-2024-26894-53ad@gregkh/T" ], "name" : "CVE-2024-26894", "csaw" : false }