CVE-2024-26983

bootconfig: use memblock_free_late to free xbc memory to buddy

References

https://cve.org/CVERecord/?id=CVE-2024-26983

Notes

 carnil> Introduced in 40caa127f3c7 ("init: bootconfig: Remove all bootconfig data when
 carnil> the init memory is removed"). Vulnerable versions: 5.15-rc1.

Bugs

Status

Branch	Status
4.19-buster-security	N/A "Vulnerable code not present"
4.19-upstream-stable	N/A "Vulnerable code not present"
5.10-bullseye-security	N/A "Vulnerable code not present"
5.10-upstream-stable	N/A "Vulnerable code not present"
6.1-bookworm-security	released (6.1.90-1)
6.1-upstream-stable	released (6.1.88) [1e7feb31a18c197d63a5e606025ed63c762f8918]
6.6-upstream-stable	released (6.6.29) [e46d3be714ad9652480c6db129ab8125e2d20ab7]
6.8-upstream-stable	released (6.8.8) [5a7dfb8fcd3f29fc93161100179b27f24f3d5f35]
sid	needed
upstream	released (6.9-rc5) [89f9a1e876b5a7ad884918c03a46831af202c8a0]