CVE-2024-35835

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: fix a double-free in arfs_create_groups

When in allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only caller of arfs_create_groups, will hold this error and call to mlx5e_destroy_flow_table, in which the ft->g will be freed again.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1cabe6b0965ec067ac60e8f182f16d479a3b9a5c < e3d3ed8c152971dbe64c92c9ecb98fdb52abb629affected
LinuxLinux1cabe6b0965ec067ac60e8f182f16d479a3b9a5c < 2501afe6c4c9829d03abe9a368b83d9ea1b611b7affected
LinuxLinux1cabe6b0965ec067ac60e8f182f16d479a3b9a5c < cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5affected
LinuxLinux1cabe6b0965ec067ac60e8f182f16d479a3b9a5c < c57ca114eb00e03274dd38108d07a3750fa3c056affected
LinuxLinux1cabe6b0965ec067ac60e8f182f16d479a3b9a5c < 42876db001bbea7558e8676d1019f08f9390addbaffected
LinuxLinux1cabe6b0965ec067ac60e8f182f16d479a3b9a5c < b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7affected
LinuxLinux1cabe6b0965ec067ac60e8f182f16d479a3b9a5c < 66cc521a739ccd5da057a1cb3d6346c6d0e7619baffected
LinuxLinux1cabe6b0965ec067ac60e8f182f16d479a3b9a5c < 3c6d5189246f590e4e1f167991558bdb72a4738baffected
LinuxLinux4.7affected
LinuxLinux0 < 4.7unaffected
LinuxLinux4.19.307 <= 4.19.*unaffected
LinuxLinux5.4.269 <= 5.4.*unaffected
LinuxLinux5.10.210 <= 5.10.*unaffected
LinuxLinux5.15.149 <= 5.15.*unaffected
LinuxLinux6.1.76 <= 6.1.*unaffected
LinuxLinux6.6.15 <= 6.6.*unaffected
LinuxLinux6.7.3 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References