CVE-2024-56546: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56546 affects the Linux kernel's Xilinx SoC driver, specifically in the xlnx_add_cb_for_suspend() function. The vulnerability was discovered and disclosed on December 27, 2024, and involves a memory leak in the error handling path of the driver. This issue affects various Linux kernel versions and distributions including Ubuntu 24.10 and Debian systems (NVD, Ubuntu).

The vulnerability exists in the drivers/soc/xilinx/xlnx_event_manager.c file where a memory leak occurs in the xlnx_add_cb_for_suspend() function. When memory allocation for cb_data fails using kmalloc, the previously allocated eve_data memory is not properly freed, resulting in a memory leak. This issue was introduced in commit 05e5ba40ea7a which added support for multiple callbacks for the same event in the event management driver (Kernel Commit).

The memory leak vulnerability could lead to resource exhaustion over time as memory allocated for eve_data is not properly freed when subsequent memory allocations fail. This could potentially affect system stability and performance in systems using the Xilinx SoC driver (NVD).

The vulnerability has been fixed in multiple Linux kernel versions. Ubuntu 24.10 has released updates (linux-image-6.11.0-18-generic version 6.11.0-18.18), and Debian has addressed it in version 6.1.6.1.128-1~deb11u1. Users are advised to update their systems to the patched versions. The fix involves adding a kfree(eve_data) call in the error handling path (Ubuntu, Debian).