7.8

CVE-2024-56766

mtd: rawnand: fix double free in atmel_pmecc_create_user()

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: fix double free in atmel_pmecc_create_user()

The "user" pointer was converted from being allocated with kzalloc() to
being allocated by devm_kzalloc().  Calling kfree(user) will lead to a
double free.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.325 < 4.20
LinuxLinux Kernel Version >= 5.4.287 < 5.5
LinuxLinux Kernel Version >= 5.10.231 < 5.11
LinuxLinux Kernel Version >= 5.15.174 < 5.16
LinuxLinux Kernel Version >= 6.1.120 < 6.1.123
LinuxLinux Kernel Version >= 6.6.64 < 6.6.69
LinuxLinux Kernel Version >= 6.11.11 < 6.12
LinuxLinux Kernel Version >= 6.12.2 < 6.12.8
LinuxLinux Kernel Version6.13 Updaterc1
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
LinuxLinux Kernel Version6.13 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.119
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://git.kernel.org/stable/c/1562871ef613fa9492aa0310933eff785166a90e
https://git.kernel.org/stable/c/3d825a241e65f7e3072978729e79d735ec40b80e
https://git.kernel.org/stable/c/6ea15205d7e2b811fbbdf79783f686f58abfb4b7
Patch
https://git.kernel.org/stable/c/ca9818554b0f33e87f38e4bfa2dac056692d46cc
https://git.kernel.org/stable/c/d2f090ea57f8d6587e09d4066f740a8617767b3d
Patch
https://git.kernel.org/stable/c/d8e4771f99c0400a1873235704b28bb803c83d17
Patch
https://git.kernel.org/stable/c/dd45c87782738715d5e7c167f8dabf0814a7394a
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html