
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-56746 is a memory leak vulnerability discovered in the Linux kernel's framebuffer driver (fbdev), specifically in the sh7760fb_alloc_mem() function of the SH7760/SH7763 LCDC framebuffer driver. The vulnerability was disclosed on December 29, 2024, and affects Linux kernel versions from 2.6.27 up to versions before 6.12.2 (NVD).
The vulnerability occurs when information such as info->screen_base is not ready, causing sh7760fb_free_mem() to fail to release memory correctly. The issue stems from improper memory management in the sh7760fb_alloc_mem() function. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, and is classified as CWE-401 (Missing Release of Memory after Effective Lifetime) (NVD).
The vulnerability can lead to memory leaks in the Linux kernel when using the SH7760/SH7763 LCDC framebuffer driver. This could potentially result in system resource exhaustion over time, affecting system availability (NVD).
The vulnerability has been fixed by replacing the sh7760fb_free_mem() call with dma_free_coherent() to properly release the allocated memory. The fix has been implemented in various Linux kernel versions, including 6.11.0-18.18 for Ubuntu 24.10 and other distribution-specific kernel versions (Ubuntu).
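The leak and its fix, modelled in user space as an added example (this is not the kernel driver's code): a small static pool stands in for DMA-coherent memory, and the `model_*` names, the `fixed` switch and the early-return guard in `model_free_mem()` are assumptions made for illustration.

```c
/* User-space model, not the kernel source; all model_* names are hypothetical. */
#include <stdio.h>
#define SLOTS 8                          /* constructed pool size */
static char pool[SLOTS][64];             /* stands in for DMA-coherent memory */
static int in_use[SLOTS];
struct fb_model { void *screen_base; };  /* stand-in for struct fb_info */
static void *model_dma_alloc(void)       /* models dma_alloc_coherent() */
{
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;                         /* pool exhausted */
}
static void model_dma_free(void *p)      /* models dma_free_coherent() */
{
    for (int i = 0; i < SLOTS; i++)
        if (p == (void *)pool[i]) in_use[i] = 0;
}
static void model_free_mem(struct fb_model *info)
{
    if (!info->screen_base) return;      /* assumed guard: nothing recorded yet */
    model_dma_free(info->screen_base);
    info->screen_base = NULL;
}
/* fixed=0 is the pre-patch error path, fixed=1 the patched one. */
static int model_alloc_mem(struct fb_model *info, int unusable, int fixed)
{
    void *fbmem = model_dma_alloc();
    if (!fbmem) return -1;
    if (unusable) {                      /* failure before screen_base is set */
        if (fixed) model_dma_free(fbmem);   /* release the local pointer */
        else       model_free_mem(info);    /* screen_base is NULL: leak */
        return -1;
    }
    info->screen_base = fbmem;           /* only now can the helper see it */
    return 0;
}
static int leaked_after(int rounds, int fixed)  /* slots held after failures */
{
    struct fb_model info = { 0 };
    int n = 0;
    for (int i = 0; i < SLOTS; i++) in_use[i] = 0;
    for (int i = 0; i < rounds; i++) model_alloc_mem(&info, 1, fixed);
    for (int i = 0; i < SLOTS; i++) n += in_use[i];
    return n;
}
int main(void)
{
    printf("leaked pre-patch=%d patched=%d\n", leaked_after(5, 0), leaked_after(5, 1));
    return 0;
}
```

With more failing rounds than pool slots, the pre-patch path exhausts the pool and every later allocation fails, which is the availability impact described above.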
Source: This report was generated using AI