7.8
CVE-2024-46674
- EPSS 0.02%
- Published 13.09.2024 06:15:12
- Last modified 03.11.2025 23:15:52
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Open
LoginIn the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.18 < 4.19.321
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.283
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.225
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.166
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.108
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.49
Linux ≫ Linux Kernel Version >= 6.7 < 6.10.8
Linux ≫ Linux Kernel Version6.11 Updaterc1
Linux ≫ Linux Kernel Version6.11 Updaterc2
Linux ≫ Linux Kernel Version6.11 Updaterc3
Linux ≫ Linux Kernel Version6.11 Updaterc4
Linux ≫ Linux Kernel Version6.11 Updaterc5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.023 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.