CVE-2024-35829 in Linux
Summary
by MITRE • 05/17/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/lima: fix a memleak in lima_heap_alloc
When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 07/21/2025
The vulnerability CVE-2024-35829 represents a memory leak issue within the Linux kernel's graphics subsystem, specifically affecting the Lima driver used for Mali GPU support. This flaw exists in the drm/lima component where the lima_heap_alloc function fails to properly clean up allocated resources when the lima_vm_map_bo operation encounters an error condition. The Lima driver is part of the Direct Rendering Manager framework responsible for managing graphics memory allocation and virtual memory mapping for Mali-based graphics processors commonly found in embedded systems and mobile devices.
The technical flaw manifests when the lima_vm_map_bo function returns an error status during memory allocation operations. Under normal circumstances, this function should either successfully map the buffer object to virtual memory or return an appropriate error code while ensuring all previously allocated resources are properly freed. However, in the affected implementation, when lima_vm_map_bo fails, the code path does not execute the necessary cleanup routines that would release the memory allocations that were already acquired during the allocation process. This results in a memory leak where allocated kernel memory remains unreleased, gradually consuming available system resources over time.
The operational impact of this memory leak vulnerability extends beyond simple resource consumption issues. In embedded systems and mobile devices where memory resources are constrained, this leak can lead to progressive system degradation, eventually causing memory exhaustion that may result in system instability, application crashes, or complete system hangs. The vulnerability is particularly concerning in environments where graphics-intensive applications are frequently launched and terminated, as each failure scenario would contribute to the accumulation of leaked memory. The issue affects systems utilizing Mali GPU hardware through the Lima driver, which is commonly found in various embedded platforms, single-board computers, and mobile devices running Linux-based operating systems.
Mitigation strategies for CVE-2024-35829 involve applying the kernel patch that ensures proper resource cleanup when lima_vm_map_bo fails. The fix implements a defensive programming approach where error handling code paths include explicit cleanup operations to release all allocated memory resources before returning from the function. This aligns with the principle of resource management and follows the CWE-404 weakness category related to improper resource release or cleanup. System administrators should prioritize updating to kernel versions containing the patched Lima driver implementation, particularly in production environments where memory stability is critical. The ATT&CK framework would categorize this vulnerability under privilege escalation and resource exhaustion tactics, as it can be leveraged to consume system resources and potentially impact system availability. Regular kernel updates and security monitoring are essential to prevent exploitation of this memory leak vulnerability in environments where Mali GPU hardware is utilized.