CVE-2024-36959

Summary

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()

If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we call it directly.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa988dcd3dd9e691c5ccc3324b209688f3b5453e9 < 06780473cb8a858d1d6cab2673e021b072a852d1affected
LinuxLinux040f726fecd88121f3b95e70369785ad452dddf9 < 47d253c485491caaf70d8cd8c0248ae26e42581faffected
LinuxLinux777430aa4ddccaa5accec6db90ffc1d47f00d471 < 35ab679e8bb5a81a4f922d3efbd43e32bce69274affected
LinuxLinux97e5b508e96176f1a73888ed89df396d7041bfcb < 76aa2440deb9a35507590f2c981a69a57ecd305daffected
LinuxLinux91d5c5060ee24fe8da88cd585bb43b843d2f0dce < 518d5ddafeb084d6d9b1773ed85164300037d0e6affected
LinuxLinux91d5c5060ee24fe8da88cd585bb43b843d2f0dce < 026e24cf31733dbd97f41cc9bc5273ace428eeecaffected
LinuxLinux91d5c5060ee24fe8da88cd585bb43b843d2f0dce < c7e02ccc9fdc496fe51e440e3e66ac36509ca049affected
LinuxLinux91d5c5060ee24fe8da88cd585bb43b843d2f0dce < a0cedbcc8852d6c77b00634b81e41f17f29d9404affected
LinuxLinuxaaf552c5d53abe4659176e099575fe870d2e4768affected
LinuxLinuxb4d9f55cd38435358bc16d580612bc0d798d7b4caffected
LinuxLinux5834a3a98cd266ad35a229923c0adbd0addc8d68affected
LinuxLinux4.19.267 < 4.19.314affected
LinuxLinux5.4.225 < 5.4.276affected
LinuxLinux5.10.156 < 5.10.217affected
LinuxLinux5.15.80 < 5.15.159affected
LinuxLinux4.9.334 < 4.10affected
LinuxLinux4.14.300 < 4.15affected
LinuxLinux6.0.10 < 6.1affected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux4.19.314 <= 4.19.*unaffected
LinuxLinux5.4.276 <= 5.4.*unaffected
LinuxLinux5.10.217 <= 5.10.*unaffected
LinuxLinux5.15.159 <= 5.15.*unaffected
LinuxLinux6.1.91 <= 6.1.*unaffected
LinuxLinux6.6.31 <= 6.6.*unaffected
LinuxLinux6.8.10 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References