Vulnerability Details CVE-2024-35926
In the Linux kernel, the following vulnerability has been resolved:
crypto: iaa - Fix async_disable descriptor leak
The disable_async paths of iaa_compress/decompress() don't free idxd
descriptors in the async_disable case. Currently this only happens in
the testcases where req->dst is set to null. Add a test to free them
in those paths.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.4%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2024-35926
-
cpe:2.3:o:linux:linux_kernel:6.8
-
cpe:2.3:o:linux:linux_kernel:6.8.1
-
cpe:2.3:o:linux:linux_kernel:6.8.2
-
cpe:2.3:o:linux:linux_kernel:6.8.3
-
cpe:2.3:o:linux:linux_kernel:6.8.4
-
cpe:2.3:o:linux:linux_kernel:6.8.5