SB2024110842 - Memory leak in Linux kernel intel ice driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2024-50190)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ice_init_tx_topology() function in drivers/net/ethernet/intel/ice/ice_main.c, within the ice_verify_pkg(), ice_chk_pkg_version(), ice_find_buf_table(), ice_update_pkg(), ice_find_seg_in_pkg(), ice_get_set_tx_topo() and ice_cfg_tx_topo() functions in drivers/net/ethernet/intel/ice/ice_ddp.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/43544b4e30732c3d88f423252281915d5bc739b6
• https://git.kernel.org/stable/c/c188afdc36113760873ec78cbc036f6b05f77621
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.4
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12