CVE-2024-26652
4.1
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: pds_core: Fix possible double free in error handling path
When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path.
Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 4569cce43bc61e4cdd76597a1cf9b608846c18cc < 995f802abff209514ac2ee03b96224237646cec3 | affected |
| Linux | Linux | 4569cce43bc61e4cdd76597a1cf9b608846c18cc < ffda0e962f270b3ec937660afd15b685263232d3 | affected |
| Linux | Linux | 4569cce43bc61e4cdd76597a1cf9b608846c18cc < ba18deddd6d502da71fd6b6143c53042271b82bd | affected |
| Linux | Linux | 6.4 | affected |
| Linux | Linux | 0 < 6.4 | unaffected |
| Linux | Linux | 6.6.22 <= 6.6.* | unaffected |
| Linux | Linux | 6.7.10 <= 6.7.* | unaffected |
| Linux | Linux | 6.8 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/995f802abff209514ac2ee03b96224237646cec3
- https://git.kernel.org/stable/c/ffda0e962f270b3ec937660afd15b685263232d3
- https://git.kernel.org/stable/c/ba18deddd6d502da71fd6b6143c53042271b82bd
References
- https://git.kernel.org/stable/c/995f802abff209514ac2ee03b96224237646cec3
- https://git.kernel.org/stable/c/ffda0e962f270b3ec937660afd15b685263232d3
- https://git.kernel.org/stable/c/ba18deddd6d502da71fd6b6143c53042271b82bd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.