{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-50231","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-10-21T19:36:19.975Z","datePublished":"2024-11-09T10:14:41.510Z","dateUpdated":"2025-10-01T20:17:27.616Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:49:18.349Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()\n\nmodprobe iio-test-gts and rmmod it, then the following memory leak\noccurs:\n\n\tunreferenced object 0xffffff80c810be00 (size 64):\n\t  comm \"kunit_try_catch\", pid 1654, jiffies 4294913981\n\t  hex dump (first 32 bytes):\n\t    02 00 00 00 08 00 00 00 20 00 00 00 40 00 00 00  ........ ...@...\n\t    80 00 00 00 00 02 00 00 00 04 00 00 00 08 00 00  ................\n\t  backtrace (crc a63d875e):\n\t    [<0000000028c1b3c2>] kmemleak_alloc+0x34/0x40\n\t    [<000000001d6ecc87>] __kmalloc_noprof+0x2bc/0x3c0\n\t    [<00000000393795c1>] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t    [<0000000071bb4b09>] 0xffffffdf052a62e0\n\t    [<000000000315bc18>] 0xffffffdf052a6488\n\t    [<00000000f9dc55b5>] kunit_try_run_case+0x13c/0x3ac\n\t    [<00000000175a3fd4>] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t    [<00000000f505065d>] kthread+0x2e8/0x374\n\t    [<00000000bbfb0e5d>] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cbfe9e70 (size 16):\n\t  comm \"kunit_try_catch\", pid 1658, jiffies 4294914015\n\t  hex dump (first 16 bytes):\n\t    10 00 00 00 40 00 00 00 80 00 00 00 00 00 00 00  ....@...........\n\t  backtrace (crc 857f0cb4):\n\t    [<0000000028c1b3c2>] kmemleak_alloc+0x34/0x40\n\t    [<000000001d6ecc87>] __kmalloc_noprof+0x2bc/0x3c0\n\t    [<00000000393795c1>] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t    [<0000000071bb4b09>] 0xffffffdf052a62e0\n\t    [<000000007d089d45>] 0xffffffdf052a6864\n\t    [<00000000f9dc55b5>] kunit_try_run_case+0x13c/0x3ac\n\t    [<00000000175a3fd4>] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t    [<00000000f505065d>] kthread+0x2e8/0x374\n\t    [<00000000bbfb0e5d>] ret_from_fork+0x10/0x20\n\t......\n\nIt includes 5*5 times \"size 64\" memory leaks, which correspond to 5 times\ntest_init_iio_gain_scale() calls with gts_test_gains size 10 (10*size(int))\nand gts_test_itimes size 5. It also includes 5*1 times \"size 16\"\nmemory leak, which correspond to one time __test_init_iio_gain_scale()\ncall with gts_test_gains_gain_low size 3 (3*size(int)) and gts_test_itimes\nsize 5.\n\nThe reason is that the per_time_gains[i] is not freed which is allocated in\nthe \"gts->num_itime\" for loop in iio_gts_build_avail_scale_table()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iio/industrialio-gts-helper.c"],"versions":[{"version":"38416c28e16890b52fdd5eb73479299ec3f062f3","lessThan":"38d6e8be234d87b0eedca50309e25051888b39d1","status":"affected","versionType":"git"},{"version":"38416c28e16890b52fdd5eb73479299ec3f062f3","lessThan":"16e41593825c3044efca0eb34b2d6ffba306e4ec","status":"affected","versionType":"git"},{"version":"38416c28e16890b52fdd5eb73479299ec3f062f3","lessThan":"691e79ffc42154a9c91dc3b7e96a307037b4be74","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iio/industrialio-gts-helper.c"],"versions":[{"version":"6.4","status":"affected"},{"version":"0","lessThan":"6.4","status":"unaffected","versionType":"semver"},{"version":"6.6.60","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.11.7","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.60"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.11.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/38d6e8be234d87b0eedca50309e25051888b39d1"},{"url":"https://git.kernel.org/stable/c/16e41593825c3044efca0eb34b2d6ffba306e4ec"},{"url":"https://git.kernel.org/stable/c/691e79ffc42154a9c91dc3b7e96a307037b4be74"}],"title":"iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2024-50231","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-10-01T20:16:40.539918Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-401","description":"CWE-401 Missing Release of Memory after Effective Lifetime"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T20:17:27.616Z"}}]}}