CVE-2024-50231

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50231
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50231.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-50231
Downstream
Related
Published
2024-11-09T10:14:41.510Z
Modified
2025-11-20T06:42:35.982080Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: gts-helper: Fix memory leaks in iiogtsbuildavailscale_table()

modprobe iio-test-gts and rmmod it, then the following memory leak occurs:

unreferenced object 0xffffff80c810be00 (size 64):
  comm "kunit_try_catch", pid 1654, jiffies 4294913981
  hex dump (first 32 bytes):
    02 00 00 00 08 00 00 00 20 00 00 00 40 00 00 00  ........ ...@...
    80 00 00 00 00 02 00 00 00 04 00 00 00 08 00 00  ................
  backtrace (crc a63d875e):
    [<0000000028c1b3c2>] kmemleak_alloc+0x34/0x40
    [<000000001d6ecc87>] __kmalloc_noprof+0x2bc/0x3c0
    [<00000000393795c1>] devm_iio_init_iio_gts+0x4b4/0x16f4
    [<0000000071bb4b09>] 0xffffffdf052a62e0
    [<000000000315bc18>] 0xffffffdf052a6488
    [<00000000f9dc55b5>] kunit_try_run_case+0x13c/0x3ac
    [<00000000175a3fd4>] kunit_generic_run_threadfn_adapter+0x80/0xec
    [<00000000f505065d>] kthread+0x2e8/0x374
    [<00000000bbfb0e5d>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80cbfe9e70 (size 16):
  comm "kunit_try_catch", pid 1658, jiffies 4294914015
  hex dump (first 16 bytes):
    10 00 00 00 40 00 00 00 80 00 00 00 00 00 00 00  ....@...........
  backtrace (crc 857f0cb4):
    [<0000000028c1b3c2>] kmemleak_alloc+0x34/0x40
    [<000000001d6ecc87>] __kmalloc_noprof+0x2bc/0x3c0
    [<00000000393795c1>] devm_iio_init_iio_gts+0x4b4/0x16f4
    [<0000000071bb4b09>] 0xffffffdf052a62e0
    [<000000007d089d45>] 0xffffffdf052a6864
    [<00000000f9dc55b5>] kunit_try_run_case+0x13c/0x3ac
    [<00000000175a3fd4>] kunit_generic_run_threadfn_adapter+0x80/0xec
    [<00000000f505065d>] kthread+0x2e8/0x374
    [<00000000bbfb0e5d>] ret_from_fork+0x10/0x20
......

It includes 55 times "size 64" memory leaks, which correspond to 5 times test_init_iio_gain_scale() calls with gts_test_gains size 10 (10size(int)) and gtstestitimes size 5. It also includes 51 times "size 16" memory leak, which correspond to one time __test_init_iio_gain_scale() call with gts_test_gains_gain_low size 3 (3size(int)) and gtstestitimes size 5.

The reason is that the pertimegains[i] is not freed which is allocated in the "gts->numitime" for loop in iiogtsbuildavailscaletable().

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
38416c28e16890b52fdd5eb73479299ec3f062f3
Fixed
38d6e8be234d87b0eedca50309e25051888b39d1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
38416c28e16890b52fdd5eb73479299ec3f062f3
Fixed
16e41593825c3044efca0eb34b2d6ffba306e4ec
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
38416c28e16890b52fdd5eb73479299ec3f062f3
Fixed
691e79ffc42154a9c91dc3b7e96a307037b4be74

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.11.5
v6.11.6
v6.12-rc1
v6.12-rc2
v6.3
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1097.0,
            "function_hash": "269932584383089937981024355089664840259"
        },
        "id": "CVE-2024-50231-1b44d815",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@691e79ffc42154a9c91dc3b7e96a307037b4be74",
        "target": {
            "file": "drivers/iio/industrialio-gts-helper.c",
            "function": "iio_gts_build_avail_scale_table"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "132292487025350170494029120148401132327",
                "187484480292217424753505214779091388282",
                "145463890830548058312919597665193688641"
            ]
        },
        "id": "CVE-2024-50231-73e74d00",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@691e79ffc42154a9c91dc3b7e96a307037b4be74",
        "target": {
            "file": "drivers/iio/industrialio-gts-helper.c"
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.60
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.11.7