4.1
CVE-2024-26652
- EPSS 0.3%
- Veröffentlicht 27.03.2024 14:15:10
- Zuletzt bearbeitet 08.04.2025 19:29:03
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
net: pds_core: Fix possible double free in error handling path
In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.4 < 6.6.22
Linux ≫ Linux Kernel Version >= 6.7 < 6.7.10
Linux ≫ Linux Kernel Version6.8 Updaterc1
Linux ≫ Linux Kernel Version6.8 Updaterc2
Linux ≫ Linux Kernel Version6.8 Updaterc3
Linux ≫ Linux Kernel Version6.8 Updaterc4
Linux ≫ Linux Kernel Version6.8 Updaterc5
Linux ≫ Linux Kernel Version6.8 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.215 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.1 | 0.7 | 3.4 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
|
CWE-415 Double Free
The product calls free() twice on the same memory address.
https://git.kernel.org/stable/c/995f802abff209514ac2ee03b96224237646cec3
https://git.kernel.org/stable/c/ba18deddd6d502da71fd6b6143c53042271b82bd
https://git.kernel.org/stable/c/ffda0e962f270b3ec937660afd15b685263232d3