CVE-2024-36959
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we call it directly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a988dcd3dd9e691c5ccc3324b209688f3b5453e9 < 06780473cb8a858d1d6cab2673e021b072a852d1 | affected |
| Linux | Linux | 040f726fecd88121f3b95e70369785ad452dddf9 < 47d253c485491caaf70d8cd8c0248ae26e42581f | affected |
| Linux | Linux | 777430aa4ddccaa5accec6db90ffc1d47f00d471 < 35ab679e8bb5a81a4f922d3efbd43e32bce69274 | affected |
| Linux | Linux | 97e5b508e96176f1a73888ed89df396d7041bfcb < 76aa2440deb9a35507590f2c981a69a57ecd305d | affected |
| Linux | Linux | 91d5c5060ee24fe8da88cd585bb43b843d2f0dce < 518d5ddafeb084d6d9b1773ed85164300037d0e6 | affected |
| Linux | Linux | 91d5c5060ee24fe8da88cd585bb43b843d2f0dce < 026e24cf31733dbd97f41cc9bc5273ace428eeec | affected |
| Linux | Linux | 91d5c5060ee24fe8da88cd585bb43b843d2f0dce < c7e02ccc9fdc496fe51e440e3e66ac36509ca049 | affected |
| Linux | Linux | 91d5c5060ee24fe8da88cd585bb43b843d2f0dce < a0cedbcc8852d6c77b00634b81e41f17f29d9404 | affected |
| Linux | Linux | aaf552c5d53abe4659176e099575fe870d2e4768 | affected |
| Linux | Linux | b4d9f55cd38435358bc16d580612bc0d798d7b4c | affected |
| Linux | Linux | 5834a3a98cd266ad35a229923c0adbd0addc8d68 | affected |
| Linux | Linux | 4.19.267 < 4.19.314 | affected |
| Linux | Linux | 5.4.225 < 5.4.276 | affected |
| Linux | Linux | 5.10.156 < 5.10.217 | affected |
| Linux | Linux | 5.15.80 < 5.15.159 | affected |
| Linux | Linux | 4.9.334 < 4.10 | affected |
| Linux | Linux | 4.14.300 < 4.15 | affected |
| Linux | Linux | 6.0.10 < 6.1 | affected |
| Linux | Linux | 6.1 | affected |
| Linux | Linux | 0 < 6.1 | unaffected |
| Linux | Linux | 4.19.314 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.276 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.217 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.159 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.91 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.31 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.10 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/06780473cb8a858d1d6cab2673e021b072a852d1
- https://git.kernel.org/stable/c/47d253c485491caaf70d8cd8c0248ae26e42581f
- https://git.kernel.org/stable/c/35ab679e8bb5a81a4f922d3efbd43e32bce69274
- https://git.kernel.org/stable/c/76aa2440deb9a35507590f2c981a69a57ecd305d
- https://git.kernel.org/stable/c/518d5ddafeb084d6d9b1773ed85164300037d0e6
- https://git.kernel.org/stable/c/026e24cf31733dbd97f41cc9bc5273ace428eeec
- https://git.kernel.org/stable/c/c7e02ccc9fdc496fe51e440e3e66ac36509ca049
- https://git.kernel.org/stable/c/a0cedbcc8852d6c77b00634b81e41f17f29d9404
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-613116.html
References
- https://git.kernel.org/stable/c/06780473cb8a858d1d6cab2673e021b072a852d1
- https://git.kernel.org/stable/c/47d253c485491caaf70d8cd8c0248ae26e42581f
- https://git.kernel.org/stable/c/35ab679e8bb5a81a4f922d3efbd43e32bce69274
- https://git.kernel.org/stable/c/76aa2440deb9a35507590f2c981a69a57ecd305d
- https://git.kernel.org/stable/c/518d5ddafeb084d6d9b1773ed85164300037d0e6
- https://git.kernel.org/stable/c/026e24cf31733dbd97f41cc9bc5273ace428eeec
- https://git.kernel.org/stable/c/c7e02ccc9fdc496fe51e440e3e66ac36509ca049
- https://git.kernel.org/stable/c/a0cedbcc8852d6c77b00634b81e41f17f29d9404
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.