CVE-2024-56745: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56745 is a memory leak vulnerability discovered in the Linux kernel's PCI subsystem, specifically in the resetmethodstore() function. The vulnerability was disclosed on December 29, 2024, and affects multiple versions of the Linux kernel from version 5.15 through 6.11 (NVD).

The vulnerability occurs in the resetmethodstore() function where a string is allocated via kstrndup() and assigned to the local 'options' variable. When using strsep() to find spaces in the string, if no remaining spaces are found, options is set to NULL by strsep(), resulting in the subsequent kfree(options) failing to free the memory allocated by kstrndup(). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and is classified as CWE-401 (Missing Release of Memory after Effective Lifetime) (NVD).

The vulnerability can lead to memory leaks in the Linux kernel, potentially causing system resource exhaustion over time. The CVSS scoring indicates that while the vulnerability requires local access and low privileges, it can have a high impact on system availability (NVD).

The vulnerability has been fixed by introducing a separate tmp_options variable to iterate with strsep() while preserving the original options pointer. The fix has been implemented in various kernel versions through patches. Multiple Linux distributions have released updates to address this vulnerability (Kernel Patch).