7.8

CVE-2024-26653

EPSS 0.02%
Published 01.04.2024 09:15:51
Last modified 14.01.2025 15:37:45
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

usb: misc: ljca: Fix double free in error handling path

When auxiliary_device_add() returns error and then calls
auxiliary_device_uninit(), callback function ljca_auxdev_release
calls kfree(auxdev->dev.platform_data) to free the parameter data
of the function ljca_new_client_device. The callers of
ljca_new_client_device shouldn't call kfree() again
in the error handling path to free the platform data.

Fix this by cleaning up the redundant kfree() in all callers and
adding kfree() the passed in platform_data on errors which happen
before auxiliary_device_init() succeeds .

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.12

Linux ≫ Linux Kernel Version >= 6.8 < 6.8.3

Linux ≫ Linux Kernel Version6.9 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

https://git.kernel.org/stable/c/420babea4f1881a7c4ea22a8e218b8c6895d3f21

Patch

https://git.kernel.org/stable/c/7c9631969287a5366bc8e39cd5abff154b35fb80

Patch

https://git.kernel.org/stable/c/8a9f653cc852677003c23ee8075e3ed8fb4743c9

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-26653

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26653

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26653

EUVD