CVE-2024-25740: n/a in n/a
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
AI Analysis
Technical Summary
CVE-2024-25740 is a medium-severity vulnerability in the UBI (Unsorted Block Images) driver of the Linux kernel, specifically in drivers/mtd/ubi/attach.c. The flaw is a memory leak: the heap-allocated kobject name (kobj->name) is not released on a path reached through the UBI_IOCATT ioctl, the operation that attaches an MTD device to UBI. The issue affects Linux kernel versions through 6.7.4 and is classified as CWE-401 (Missing Release of Memory after Effective Lifetime).
The CVSS 3.1 base score is 5.5 (medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H: local access, low attack complexity, low privileges, no user interaction, and an availability impact with no effect on confidentiality or integrity. One caveat applies to the PR:L rating. UBI_IOCATT is issued on the UBI control device (/dev/ubi_ctrl), and the control-device ioctl handler in drivers/mtd/ubi/cdev.c returns EPERM to any caller that lacks CAP_SYS_RESOURCE before it dispatches a command. In practice the caller must therefore already hold that capability (root, or a process explicitly granted it), which narrows the realistic attacker population well beyond what "low privileges" suggests.
No exploits in the wild are known, and no vendor or product-specific details are provided; the flaw is inherent to the kernel's UBI driver. Each leaked name is a small allocation, so the practical effect is gradual kernel memory exhaustion if the leaking path is hit repeatedly, for example through repeated attach attempts, which can degrade or deny availability on memory-constrained devices. UBI is used almost exclusively on raw-flash embedded systems (routers, IoT devices, and industrial controllers running UBIFS), so the impact is concentrated there rather than on general-purpose desktop or server installations, which rarely have the UBI driver loaded at all. No patch links are provided on this page, so mitigation relies on kernel or vendor firmware updates once available, or on restricting who can reach the control device in the meantime.
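The bug class, as an added illustration written for this page rather than the kernel's own drivers/mtd/ubi code: a user-space model of a kobject whose name is allocated by a kobject_set_name() equivalent and, as in the kernel, only freed when the object's last reference is dropped. The page does not say which exact path in attach.c misses the release, so the injected failure in the model's attach function is an assumption standing in for that path; the allocation counter, the model_ prefixed helpers and the attach functions are all constructed here.

```c
/* Added illustration of the CWE-401 pattern behind CVE-2024-25740. It is NOT
 * the kernel's drivers/mtd/ubi code: it is a user-space model of a kobject
 * whose name is allocated by a kobject_set_name()-style call and released by
 * the last kobject_put(). The failing step, the counter and all model_*
 * helpers are constructed for this page. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counts live heap blocks so a leak is observable without kmemleak. */
static int live_allocs;

/* Model of kvasprintf(): formatted string on the heap, counted. */
static char *model_kvasprintf(const char *fmt, va_list ap)
{
    va_list ap2;
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap2);
    va_end(ap2);
    if (n < 0) return NULL;
    char *s = malloc((size_t)n + 1);
    if (!s) return NULL;
    vsnprintf(s, (size_t)n + 1, fmt, ap);
    live_allocs++;
    return s;
}

struct model_kobject {
    char *name;      /* heap string owned by the kobject */
    int refcount;
};

static void model_kobject_init(struct model_kobject *k) { k->name = NULL; k->refcount = 1; }

/* Model of kobject_set_name(): allocates kobj->name. */
static int model_kobject_set_name(struct model_kobject *k, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    char *name = model_kvasprintf(fmt, ap);
    va_end(ap);
    if (!name) return -12;                      /* -ENOMEM */
    if (k->name) { free(k->name); live_allocs--; }
    k->name = name;
    return 0;
}

/* Dropping the last reference runs cleanup, which releases the name. */
static void model_kobject_put(struct model_kobject *k)
{
    if (--k->refcount == 0 && k->name) {
        free(k->name);
        live_allocs--;
        k->name = NULL;
    }
}

struct model_ubi_device { struct model_kobject kobj; int ubi_num; };

/* Stand-in for the later attach steps; `fail` injects the error path. */
static int later_attach_steps(int fail) { return fail ? -22 /* -EINVAL */ : 0; }

/* Leaky pattern: the name is set, a later step fails, and the function
 * returns without dropping the reference that owns kobj->name. */
static int attach_leaky(struct model_ubi_device *ubi, int ubi_num, int fail)
{
    model_kobject_init(&ubi->kobj);
    ubi->ubi_num = ubi_num;
    int err = model_kobject_set_name(&ubi->kobj, "ubi%d", ubi_num);
    if (err) return err;
    err = later_attach_steps(fail);
    if (err)
        return err;                             /* BUG: kobj->name never released */
    return 0;
}

/* Fixed pattern: every error path after set_name drops the reference. */
static int attach_fixed(struct model_ubi_device *ubi, int ubi_num, int fail)
{
    model_kobject_init(&ubi->kobj);
    ubi->ubi_num = ubi_num;
    int err = model_kobject_set_name(&ubi->kobj, "ubi%d", ubi_num);
    if (err) return err;
    err = later_attach_steps(fail);
    if (err) {
        model_kobject_put(&ubi->kobj);          /* releases kobj->name */
        return err;
    }
    return 0;                                   /* name lives until detach */
}

/* Runs n failing attach attempts and returns how many heap blocks remain. */
static int leaked_after(int (*attach)(struct model_ubi_device *, int, int), int n)
{
    struct model_ubi_device ubi;
    live_allocs = 0;
    for (int i = 0; i < n; i++)
        (void)attach(&ubi, 0, /* fail = */ 1);
    return live_allocs;
}

int main(void)
{
    printf("leaky attach, 1000 failed attempts: %d blocks leaked\n", leaked_after(attach_leaky, 1000));
    printf("fixed attach, 1000 failed attempts: %d blocks leaked\n", leaked_after(attach_fixed, 1000));
    return 0;
}
```

The point of the counter is the check a reviewer or tester would apply to the real driver: every error return after the name has been set must be paired with a release, and a loop of deliberately failing attach attempts should leave the live-allocation count flat.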
Potential Impact
For European organizations, the impact of CVE-2024-25740 depends largely on their use of Linux-based embedded systems or devices that rely on the UBI driver for flash memory management. Organizations in sectors such as telecommunications, manufacturing, automotive, and critical infrastructure that deploy embedded Linux devices could face availability issues if the vulnerability is exploited. A memory leak leading to denial of service could disrupt device operations, causing downtime or degraded performance, which is particularly critical for industrial control systems or network equipment where uptime is essential. Although the vulnerability does not directly compromise confidentiality or integrity, the resulting denial of service could indirectly affect business continuity and operational reliability. The requirement for local access, and in practice for CAP_SYS_RESOURCE on the UBI control device, means the realistic sources are compromised administrative accounts, insiders with privileged access, or a privileged management process on the device that has been subverted, rather than ordinary unprivileged users. European organizations with large deployments of embedded Linux devices should remain vigilant, as prolonged exploitation could lead to system instability or failure, impacting service delivery and potentially safety-critical operations.
Mitigation Recommendations
To mitigate CVE-2024-25740, European organizations should:
1) Monitor for and apply Linux kernel updates promptly once patches addressing this vulnerability are released.
2) Restrict local access to systems running the UBI driver: keep the /dev/ubi_ctrl device node root-only and do not grant CAP_SYS_RESOURCE to services or containers that have no need to attach MTD devices, since the control-device ioctl handler refuses callers without that capability.
3) Monitor for repeated UBI_IOCATT ioctl calls, for example with an audit rule on ioctl(2) against the control device, and alert on growth in kernel memory use (the Slab line of /proc/meminfo, or kmemleak on debug builds) that could indicate the leaking path is being hit repeatedly.
4) For embedded devices, coordinate with device vendors to obtain firmware updates or patches that include the fixed kernel versions.
5) Where patching is not immediately feasible, isolate vulnerable devices from critical networks and limit exposure of management interfaces through which a local shell or privileged process could be obtained.
6) Conduct regular security audits of embedded Linux devices to ensure they are running supported and updated kernel versions.
7) Sandbox local processes that do not need the ioctl: a seccomp filter that denies ioctl(2) or restricts it to the request numbers the process needs, combined with dropping CAP_SYS_RESOURCE from the capability bounding set, removes the ability to reach UBI_IOCATT at all.
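For the monitoring item above, an added example written for this page (not taken from any project or from the page): a small scanner over Linux audit SYSCALL records that counts UBI_IOCATT attempts per process. The audit lines are constructed samples. The request number is derived from the kernel's include/uapi/mtd/ubi-user.h definition UBI_IOCATT = _IOW('o', 64, struct ubi_attach_req) using the generic ioctl encoding (x86, arm, arm64) and a 24-byte struct ubi_attach_req; syscall number 16 is ioctl on x86_64. Both values are assumptions about the monitored platform: other architectures use a different ioctl syscall number, and mips, powerpc and sparc lay out the direction bits differently, so recompute before deploying on such a device.

```c
/* Added example: count UBI_IOCATT ioctl attempts in Linux audit records.
 * Written for this page; the sample records are constructed, and the
 * request/syscall numbers assume x86_64 with the generic ioctl encoding. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Generic asm-generic/ioctl.h layout: nr:8 | type:8 | size:14 | dir:2. */
#define MODEL_IOC_WRITE 1U
#define MODEL_IOW(type, nr, size) \
    ((MODEL_IOC_WRITE << 30) | ((unsigned)(size) << 16) | ((unsigned)(type) << 8) | (unsigned)(nr))
#define UBI_ATTACH_REQ_SIZE 24U                              /* sizeof(struct ubi_attach_req) */
#define UBI_IOCATT_REQ MODEL_IOW('o', 64, UBI_ATTACH_REQ_SIZE) /* 0x40186f40 */
#define X86_64_NR_IOCTL 16

/* Constructed sample records: two failing attach attempts from pid 4242
 * and one unrelated terminal ioctl (TCGETS) from another process. */
static const char *const sample_audit_lines[] = {
    "type=SYSCALL msg=audit(1718000000.101:501): arch=c000003e syscall=16 success=no exit=-22 "
    "a0=3 a1=40186f40 a2=7ffd1c0a0b10 a3=0 pid=4242 uid=0 comm=\"ubiattach\" exe=\"/usr/sbin/ubiattach\" key=\"ubi_ctrl\"",
    "type=SYSCALL msg=audit(1718000000.102:502): arch=c000003e syscall=16 success=yes exit=0 "
    "a0=3 a1=5401 a2=7ffd1c0a0c20 a3=0 pid=4243 uid=1000 comm=\"bash\" exe=\"/usr/bin/bash\" key=(null)",
    "type=SYSCALL msg=audit(1718000000.103:503): arch=c000003e syscall=16 success=no exit=-22 "
    "a0=3 a1=40186f40 a2=7ffd1c0a0b10 a3=0 pid=4242 uid=0 comm=\"ubiattach\" exe=\"/usr/sbin/ubiattach\" key=\"ubi_ctrl\"",
    NULL,
};

/* Value of "<key><hex>" in a record (audit prints a0..a3 in hex), or 0 if absent. */
static unsigned long field_hex(const char *line, const char *key)
{
    const char *p = strstr(line, key);
    if (!p) return 0;
    return strtoul(p + strlen(key), NULL, 16);
}

/* Value of "<key><decimal>" in a record, or -1 if absent. */
static long field_dec(const char *line, const char *key)
{
    const char *p = strstr(line, key);
    if (!p) return -1;
    return strtol(p + strlen(key), NULL, 10);
}

/* True when the record is an ioctl(2) whose request argument is UBI_IOCATT. */
static int is_ubi_attach_record(const char *line)
{
    if (strncmp(line, "type=SYSCALL", 12) != 0) return 0;
    if (field_dec(line, " syscall=") != X86_64_NR_IOCTL) return 0;
    return field_hex(line, " a1=") == UBI_IOCATT_REQ;
}

/* Counts UBI_IOCATT attempts by pid; with failed_only, only records with
 * success=no (the failing attach path is where a leak would accumulate). */
static int count_ubi_attach_attempts(const char *const *lines, long pid, int failed_only)
{
    int n = 0;
    for (; *lines; lines++) {
        if (!is_ubi_attach_record(*lines)) continue;
        if (field_dec(*lines, " pid=") != pid) continue;
        if (failed_only && !strstr(*lines, " success=no")) continue;
        n++;
    }
    return n;
}

int main(void)
{
    printf("UBI_IOCATT request number: 0x%08x\n", UBI_IOCATT_REQ);
    printf("pid 4242 failed attach attempts: %d\n",
           count_ubi_attach_attempts(sample_audit_lines, 4242, 1));
    return 0;
}
```

On a live system, records of this shape come from an audit rule on the ioctl syscall (for example `-a always,exit -F arch=b64 -S ioctl -k ubi_ctrl`); auditctl can also narrow the rule on the request argument with an a1 filter so only attach requests are logged, and the accompanying PATH record names the /dev/ubi_ctrl node. A burst of failing attach attempts from one process is the signal worth alerting on, since a successful attach is a one-time, expected event.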
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Sweden, Finland, Poland, Spain, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-02-12T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9819c4522896dcbd8a7b
Added to database: 5/21/2025, 9:08:41 AM
Last enriched: 7/5/2025, 8:25:00 AM
Last updated: 8/15/2025, 10:30:21 AM
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)