{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-27388", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:47:42.676Z", "datePublished": "2024-05-01T13:05:05.518Z", "dateUpdated": "2024-12-19T08:54:02.412Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:54:02.412Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix some memleaks in gssx_dec_option_array\n\nThe creds and oa->data need to be freed in the error-handling paths after\ntheir allocation. So this patch add these deallocations in the\ncorresponding paths."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sunrpc/auth_gss/gss_rpc_xdr.c"], "versions": [{"version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "b97c37978ca825557d331c9012e0c1ddc0e42364", "status": "affected", "versionType": "git"}, {"version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8", "status": "affected", "versionType": "git"}, {"version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8", "status": "affected", "versionType": "git"}, {"version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "dd292e884c649f9b1c18af0ec75ca90b390cd044", "status": "affected", "versionType": "git"}, {"version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "934212a623cbab851848b6de377eb476718c3e4c", "status": "affected", "versionType": "git"}, {"version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "5e6013ae2c8d420faea553d363935f65badd32c3", "status": "affected", "versionType": "git"}, {"version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4", "status": "affected", "versionType": "git"}, {"version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "996997d1fb2126feda550d6adcedcbd94911fc69", "status": "affected", "versionType": "git"}, {"version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "3cfcfc102a5e57b021b786a755a38935e357797d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sunrpc/auth_gss/gss_rpc_xdr.c"], "versions": [{"version": "3.10", "status": "affected"}, {"version": "0", "lessThan": "3.10", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.311", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.273", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.214", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.153", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.83", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364"}, {"url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8"}, {"url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8"}, {"url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044"}, {"url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c"}, {"url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3"}, {"url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4"}, {"url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69"}, {"url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d"}], "title": "SUNRPC: fix some memleaks in gssx_dec_option_array", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.507Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27388", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:43:49.125516Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:28.640Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.507Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27388", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:43:49.125516Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:16.874Z"}}], "cna": {"title": "SUNRPC: fix some memleaks in gssx_dec_option_array", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "b97c37978ca825557d331c9012e0c1ddc0e42364", "versionType": "git"}, {"status": "affected", "version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8", "versionType": "git"}, {"status": "affected", "version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8", "versionType": "git"}, {"status": "affected", "version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "dd292e884c649f9b1c18af0ec75ca90b390cd044", "versionType": "git"}, {"status": "affected", "version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "934212a623cbab851848b6de377eb476718c3e4c", "versionType": "git"}, {"status": "affected", "version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "5e6013ae2c8d420faea553d363935f65badd32c3", "versionType": "git"}, {"status": "affected", "version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4", "versionType": "git"}, {"status": "affected", "version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "996997d1fb2126feda550d6adcedcbd94911fc69", "versionType": "git"}, {"status": "affected", "version": "1d658336b05f8697d6445834f8867f8ad5e4f735", "lessThan": "3cfcfc102a5e57b021b786a755a38935e357797d", "versionType": "git"}], "programFiles": ["net/sunrpc/auth_gss/gss_rpc_xdr.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.10"}, {"status": "unaffected", "version": "0", "lessThan": "3.10", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.311", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.273", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.214", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.153", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.83", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.23", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/sunrpc/auth_gss/gss_rpc_xdr.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364"}, {"url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8"}, {"url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8"}, {"url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044"}, {"url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c"}, {"url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3"}, {"url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4"}, {"url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69"}, {"url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix some memleaks in gssx_dec_option_array\n\nThe creds and oa->data need to be freed in the error-handling paths after\ntheir allocation. So this patch add these deallocations in the\ncorresponding paths."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:54:02.412Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27388", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:54:02.412Z", "dateReserved": "2024-02-25T13:47:42.676Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-01T13:05:05.518Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA8D2CD8-65D2-47A7-9391-35AFA94D8CCC", "versionEndExcluding": "4.19.311", "versionStartIncluding": "3.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "620FD8B7-BF03-43E0-951A-0A58461D4C55", "versionEndExcluding": "5.4.273", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "65987874-467B-4D3B-91D6-68A129B34FB8", "versionEndExcluding": "5.10.214", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACB69438-845D-4E3C-B114-3140611F9C0B", "versionEndExcluding": "5.15.153", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "121A07F6-F505-4C47-86BF-9BB6CC7B6C19", "versionEndExcluding": "6.1.83", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68", "versionEndExcluding": "6.6.23", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD", "versionEndExcluding": "6.7.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1", "versionEndExcluding": "6.8.2", "versionStartIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix some memleaks in gssx_dec_option_array\n\nThe creds and oa->data need to be freed in the error-handling paths after\ntheir allocation. So this patch add these deallocations in the\ncorresponding paths."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: SUNRPC: corrige algunas fugas de mem en gssx_dec_option_array Los creds y oa->data deben liberarse en las rutas de manejo de errores despu\u00e9s de su asignaci\u00f3n. Entonces este parche agrega estas desasignaciones en las rutas correspondientes."}], "id": "CVE-2024-27388", "lastModified": "2025-01-14T14:56:08.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-01T13:15:51.550", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3cfcfc102a5e57b021b786a755a38935e357797d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e3112ec4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/996997d1fb2126feda550d6adcedcbd94911fc69"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}], "bugzilla": {"description": "kernel: SUNRPC: fix some memleaks in gssx_dec_option_array", "id": "2278535", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278535"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nSUNRPC: fix some memleaks in gssx_dec_option_array\nThe creds and oa->data need to be freed in the error-handling paths after\ntheir allocation. So this patch add these deallocations in the\ncorresponding paths.", "A flaw was found in the auth_rpcgss module in the Linux kernel. A memory leak can occur due to improper error handling, potentially impacting system performance and possibly resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27388", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27388\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27388\nhttps://lore.kernel.org/linux-cve-announce/2024050135-CVE-2024-27388-04eb@gregkh/T"], "statement": "This vulnerability does not affect the auth_rpcgss module in the Linux kernel as shipped in Red Hat Enterprise Linux 9 because it already contains the fix for this issue.", "threat_severity": "Moderate"}