5.3

CVE-2024-35835

net/mlx5e: fix a double-free in arfs_create_groups

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: fix a double-free in arfs_create_groups

When `in` allocated by kvzalloc fails, arfs_create_groups will free
ft->g and return an error. However, arfs_create_table, the only caller of
arfs_create_groups, will hold this error and call to
mlx5e_destroy_flow_table, in which the ft->g will be freed again.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.7 < 4.19.307
LinuxLinux Kernel Version >= 4.20 < 5.4.269
LinuxLinux Kernel Version >= 5.5 < 5.10.210
LinuxLinux Kernel Version >= 5.11 < 5.15.149
LinuxLinux Kernel Version >= 5.16 < 6.1.76
LinuxLinux Kernel Version >= 6.2 < 6.6.15
LinuxLinux Kernel Version >= 6.7 < 6.7.3
LinuxLinux Kernel Version6.8 Updaterc1
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.86% 0.537
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Third Party Advisory
Mailing List
https://git.kernel.org/stable/c/2501afe6c4c9829d03abe9a368b83d9ea1b611b7
Patch
https://git.kernel.org/stable/c/3c6d5189246f590e4e1f167991558bdb72a4738b
Patch
https://git.kernel.org/stable/c/42876db001bbea7558e8676d1019f08f9390addb
Patch
https://git.kernel.org/stable/c/66cc521a739ccd5da057a1cb3d6346c6d0e7619b
Patch
https://git.kernel.org/stable/c/b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7
Patch
https://git.kernel.org/stable/c/c57ca114eb00e03274dd38108d07a3750fa3c056
Patch
https://git.kernel.org/stable/c/cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5
Patch
https://git.kernel.org/stable/c/e3d3ed8c152971dbe64c92c9ecb98fdb52abb629
Patch