CVE-2024-35926
crypto: iaa - Fix async_disable descriptor leak
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
19 May 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
crypto: iaa - Fix async_disable descriptor leak
The disable_async paths of iaa_compress/decompress() don't free idxd
descriptors in the async_disable case. Currently this only happens in
the testcases where req->dst is set to null. Add a test to free them
in those paths.
Affected products
Linux · Linux