CVE-2024-36973

Summary

In the Linux kernel, the following vulnerability has been resolved:

misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()

When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function gp_auxiliary_device_release() calls ida_free() and kfree(aux_device_wrapper) to free memory. We should't call them again in the error handling path.

Fix this by skipping the redundant cleanup functions.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux393fc2f5948fd340d016a9557eea6e1ac2f6c60c < 34ae447b138680b5ed3660f7d935ff3faf88ba1aaffected
LinuxLinux393fc2f5948fd340d016a9557eea6e1ac2f6c60c < 86c9713602f786f441630c4ee02891987f8618b9affected
LinuxLinux393fc2f5948fd340d016a9557eea6e1ac2f6c60c < 1efe551982297924d05a367aa2b6ec3d275d5742affected
LinuxLinux393fc2f5948fd340d016a9557eea6e1ac2f6c60c < 086c6cbcc563c81d55257f9b27e14faf1d0963d3affected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux6.1.95 <= 6.1.*unaffected
LinuxLinux6.6.35 <= 6.6.*unaffected
LinuxLinux6.9.6 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References