vulnerability
Debian: CVE-2024-26894: linux -- security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:L/Au:M/C:C/I:N/A:C) | 04/17/2024 | 05/08/2024 | 02/20/2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
After unregistering the CPU idle device, the memory associated with
it is not freed, leading to a memory leak:
unreferenced object 0xffff896282f6c000 (size 1024):
comm "swapper/0", pid 1, jiffies 4294893170
hex dump (first 32 bytes):
00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 8836a742):
[] kmalloc_trace+0x29d/0x340
[] acpi_processor_power_init+0xf3/0x1c0
[] __acpi_processor_start+0xd3/0xf0
[] acpi_processor_start+0x2c/0x50
[] really_probe+0xe2/0x480
[] __driver_probe_device+0x78/0x160
[] driver_probe_device+0x1f/0x90
[] __driver_attach+0xce/0x1c0
[] bus_for_each_dev+0x70/0xc0
[] bus_add_driver+0x112/0x210
[] driver_register+0x55/0x100
[] acpi_processor_driver_init+0x3b/0xc0
[] do_one_initcall+0x41/0x300
[] kernel_init_freeable+0x320/0x470
[] kernel_init+0x16/0x1b0
[] ret_from_fork+0x2d/0x50
Fix this by freeing the CPU idle device after unregistering it.
Solution
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.