
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-56742 affects the Linux kernel's VFIO/MLX5 driver implementation. The vulnerability was discovered in December 2024 and involves an unwind issue in the mlx5vf_add_migration_pages() function. The flaw affects Linux kernel versions from 5.18 up to (excluding) 6.11.11 and from 6.12 up to (excluding) 6.12.2 (NVD).
The vulnerability stems from improper memory management in the mlx5vf_add_migration_pages() function within the VFIO/MLX5 driver. When a set of pages is allocated but fails to be added to the SG table, the pages are not freed, which results in a memory leak. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating that local access is required and that the potential impact on availability is high (NVD).
The primary impact of this vulnerability is a memory leak in the Linux kernel. When the vulnerable function fails to add allocated pages to the SG table, the memory is not properly freed, leading to resource exhaustion over time. This can potentially affect system stability and performance (Kernel Patch).
The vulnerability has been patched in the Linux kernel. The fix involves properly freeing allocated pages when they fail to be added to the SG table. The patch ensures that any pages successfully added to the SG table will be freed as part of mlx5vf_free_data_buffer(). Users should upgrade to Linux kernel versions 6.11.11, 6.12.2, or later to address this issue (Kernel Patch).
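The unwind pattern described above, as an added user-space model (not the kernel driver's code): a batch that fails to reach the table has to be freed on the error path, because teardown only frees pages that are in the table. All names, sizes and the capacity-based failure are assumptions made for illustration.

```c
#include <stdlib.h>

#define BATCH 4      /* pages allocated per round (constructed value) */
#define TABLE_CAP 6  /* small capacity so the second append fails */

struct buf { void *table[TABLE_CAP]; int used; };
static int live_pages;  /* pages allocated and not yet freed */

static void *page_alloc(void) { live_pages++; return malloc(64); }
static void page_free(void *p) { live_pages--; free(p); }

/* Stand-in for appending a batch to the SG table: all or nothing. */
static int table_append(struct buf *b, void **pages, int n)
{
    if (b->used + n > TABLE_CAP)
        return -1;
    for (int i = 0; i < n; i++)
        b->table[b->used++] = pages[i];
    return 0;
}

/* unwind = 0 models the flawed error path, unwind = 1 the corrected one. */
static int add_pages(struct buf *b, int npages, int unwind)
{
    void *batch[BATCH];
    while (npages > 0) {
        int n = npages < BATCH ? npages : BATCH;
        for (int i = 0; i < n; i++)
            batch[i] = page_alloc();
        if (table_append(b, batch, n) != 0) {
            /* The failed batch never reached the table: free it here or leak it. */
            for (int i = 0; unwind && i < n; i++)
                page_free(batch[i]);
            return -1;
        }
        npages -= n;
    }
    return 0;
}

/* Teardown frees only what is in the table; returns pages still live. */
int leaked_after_failure(int unwind)
{
    struct buf b = {0};
    live_pages = 0;
    add_pages(&b, 8, unwind);   /* second batch of 4 exceeds TABLE_CAP */
    while (b.used > 0)
        page_free(b.table[--b.used]);
    return live_pages;
}
```

In this model every failed call without the unwind strands one batch, which is how a repeated failure turns into the resource exhaustion the advisory describes.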
Source: This report was generated using AI