CVE-2024-36967

2024-06-0800:00:00

ubuntu.com

linux kernel

memory leak

vulnerability

tpm2_key_encode

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: KEYS:
trusted: Fix memory leak in tpm2_key_encode() ‘scratch’ is never freed. Fix
this by calling kfree() in the success, and in the error case.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu22.04noarchlinux-azure< anyUNKNOWN
ubuntu24.04noarchlinux-azure< anyUNKNOWN
ubuntu20.04noarchlinux-azure-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-azure-6.5< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	24.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< any	UNKNOWN