CVE-2024-56573
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi/libstub: Free correct pointer on failure
cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack.
cmdline refers to the pool allocation that should be freed when cleaning up after a failure, so pass this instead to free_pool().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 42c8ea3dca094ab82776ca706fb7a9cbe8ac3dc9 < d173aee5709bd0994d216d60589ec67f8b11376a | affected |
| Linux | Linux | 42c8ea3dca094ab82776ca706fb7a9cbe8ac3dc9 < eaafbcf0a5782ae412ca7de12ef83fc48ccea4cf | affected |
| Linux | Linux | 42c8ea3dca094ab82776ca706fb7a9cbe8ac3dc9 < 06d39d79cbd5a91a33707951ebf2512d0e759847 | affected |
| Linux | Linux | 6.2 | affected |
| Linux | Linux | 0 < 6.2 | unaffected |
| Linux | Linux | 6.6.64 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.4 <= 6.12.* | unaffected |
| Linux | Linux | 6.13 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/d173aee5709bd0994d216d60589ec67f8b11376a
- https://git.kernel.org/stable/c/eaafbcf0a5782ae412ca7de12ef83fc48ccea4cf
- https://git.kernel.org/stable/c/06d39d79cbd5a91a33707951ebf2512d0e759847
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.