7.8

CVE-2024-35847

irqchip/gic-v3-its: Prevent double free on error

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3-its: Prevent double free on error

The error handling path in its_vpe_irq_domain_alloc() causes a double free
when its_vpe_init() fails after successfully allocating at least one
interrupt. This happens because its_vpe_irq_domain_free() frees the
interrupts along with the area bitmap and the vprop_page and
its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the
vprop_page again.

Fix this by unconditionally invoking its_vpe_irq_domain_free() which
handles all cases correctly and by removing the bitmap/vprop_page freeing
from its_vpe_irq_domain_alloc().

[ tglx: Massaged change log ]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.14 < 4.19.313
LinuxLinux Kernel Version >= 4.20 < 5.4.275
LinuxLinux Kernel Version >= 5.5 < 5.10.216
LinuxLinux Kernel Version >= 5.11 < 5.15.158
LinuxLinux Kernel Version >= 5.16 < 6.1.90
LinuxLinux Kernel Version >= 6.2 < 6.6.30
LinuxLinux Kernel Version >= 6.7 < 6.8.9
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
LinuxLinux Kernel Version6.9 Updaterc4
LinuxLinux Kernel Version6.9 Updaterc5
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.158
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Patch
https://git.kernel.org/stable/c/03170e657f62c26834172742492a8cb8077ef792
Patch
https://git.kernel.org/stable/c/5b012f77abde89bf0be8a0547636184fea618137
Patch
https://git.kernel.org/stable/c/5dbdbe1133911ca7d8466bb86885adec32ad9438
Patch
https://git.kernel.org/stable/c/aa44d21574751a7d6bca892eb8e0e9ac68372e52
Patch
https://git.kernel.org/stable/c/b72d2b1448b682844f995e660b77f2a1fabc1662
Patch
https://git.kernel.org/stable/c/c26591afd33adce296c022e3480dea4282b7ef91
Patch
https://git.kernel.org/stable/c/dd681710ab77c8beafe2e263064cb1bd0e2d6ca9
Patch
https://git.kernel.org/stable/c/f5417ff561b8ac9a7e53c747b8627a7ab58378ae
Patch