Bug 1219830 (CVE-2024-25740) - VUL-0: CVE-2024-25740: kernel-source,kernel-source-azure,kernel-source-rt: memory leak flaw was found in the UBI driver in ubi_attach()
Summary: VUL-0: CVE-2024-25740: kernel-source,kernel-source-azure,kernel-source-rt: me...
Status: RESOLVED FIXED
Alias: CVE-2024-25740
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/393676/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-25740:4.7:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-12 11:11 UTC by SMASH SMASH
Modified: 2024-06-12 11:57 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description SMASH SMASH 2024-02-12 11:11:07 UTC
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-25740
https://lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3%40huawei.com/T/
https://www.cve.org/CVERecord?id=CVE-2024-25740
Comment 1 Carlos López 2024-02-12 11:18:25 UTC
No patch merged yet.

We have CONFIG_UBIFS_FS=m in:
 - cve/linux-3.0
 - SLE15-SP3-LTSS
 - cve/linux-5.14
 - SLE15-SP6
 - stable
 - master
Comment 3 Anthony Iliopoulos 2024-02-12 14:48:48 UTC
Sure,

So we indeed have CONFIG_UBIFS_FS=m on pretty much every branch, but we also have it marked as unsupported/optional, e.g.:

origin/master:supported.conf:-                    fs/ubifs/ubifs
origin/vanilla:supported.conf:-                   kernel/fs/ubifs/ubifs
origin/linux-next:supported.conf:-                kernel/fs/ubifs/ubifs
origin/stable:supported.conf:-                    fs/ubifs/ubifs
origin/slowroll:supported.conf:-                  fs/ubifs/ubifs
origin/SLE15-SP6-AZURE:supported.conf:-!optional  fs/ubifs/ubifs
origin/SLE15-SP6:supported.conf:-!optional        fs/ubifs/ubifs
origin/SLE15-SP6-RT:supported.conf:-!optional     fs/ubifs/ubifs
origin/ALP-current:supported.conf:-!optional      fs/ubifs/ubifs
origin/ALP-current-RT:supported.conf:-!optional   fs/ubifs/ubifs
origin/SLE15-SP5-AZURE:supported.conf:-!optional  fs/ubifs/ubifs
origin/SLE15-SP5:supported.conf:-!optional        fs/ubifs/ubifs
origin/SLE15-SP5-RT:supported.conf:-!optional     fs/ubifs/ubifs
origin/SLE15-SP4-RT:supported.conf:-!optional     fs/ubifs/ubifs
origin/SLE15-SP3-RT:supported.conf:-!optional     fs/ubifs/ubifs

which means that the module is only shipped on Leap and on the optional kernel package.

I don't think there's anything actionable at the moment; we'll eventually receive whatever upstream does via git-fixes (I sometimes handle those for filesystems unsupported in SLE as best-effort for Leap users, assuming they aren't too intrusive for SLE).
Comment 4 Joey Lee 2024-02-23 06:10:46 UTC
At this moment, I didn't find useful information on Google for this CVE-2024-25740.
Comment 5 Anthony Iliopoulos 2024-02-23 11:13:22 UTC
(In reply to Joey Lee from comment #4)
> At this moment, I didn't find useful information on google for this
> CVE-2024-25740.

There's really nothing further to the lore thread mentioned in comment #0,
so there's no reviewed patch yet.

But in any case, as per my comment #3, this is extremely low-prio since it
is not affecting SLE.
Comment 8 Anthony Iliopoulos 2024-03-06 16:39:28 UTC
Reassigning back to security, since this isn't affecting SLE at all (comment #3).
Comment 9 Gabriele Sonnu 2024-06-12 11:57:10 UTC
All done, closing.