References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix reset_method_store() memory leak

In reset_method_store(), a string is allocated via kstrndup() and assigned
to the local "options". options is then used in with strsep() to find
spaces:

  while ((name = strsep(&options, " ")) != NULL) {

If there are no remaining spaces, then options is set to NULL by strsep(),
so the subsequent kfree(options) doesn't free the memory allocated via
kstrndup().

Fix by using a separate

https://git.kernel.org/stable/c/2985b1844f3f3447f2d938eff1ef6762592065a5

https://git.kernel.org/stable/c/403efb4457c0c8f8f51e904cc57d39193780c6bd

https://git.kernel.org/stable/c/543d0eb40e45c6a51f1bff02f417b602e54472d5

https://git.kernel.org/stable/c/8e098baf6bc3f3a6aefc383509aba07e202f7ee0

https://git.kernel.org/stable/c/931d07ccffcc3614f20aaf602b31e89754e21c59

https://git.kernel.org/stable/c/fe6fae61f3b993160aef5fe2b7141a83872c144f