Security tracker / CVE-2024-38632

CVE-2024-38632

vfio/pci: fix potential memory leak in vfio_intx_enable()

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 18c198c96a81 ("vfio/pci: Create persistent INTx handler").
 carnil> Vulnerable versions: 5.4.274 5.10.215 5.15.154 6.1.84 6.6.24 6.7.12 6.8.3
 carnil> 6.9-rc1.

Bugs

Status

Branch	Status
upstream	released (6.10-rc1) [82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.9-upstream-stable	released (6.9.4) [35fef97c33f3d3ca0455f9a8e2a3f2c1f8cc9140]
6.6-upstream-stable	released (6.6.33) [0bd22a4966d55f1d2c127a53300d5c2b50152376]
6.1-upstream-stable	released (6.1.113) [91ced077db2062604ec270b1046f8337e9090079]
5.10-upstream-stable	needed
4.19-upstream-stable	N/A "Vulnerable code not present"
sid	released (6.9.7-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	released (6.1.115-1)
5.10-bullseye-security	needed