← Back

CVE-2024-26652

nvd nist
Published: Mar 27, 2024Modified: Apr 8, 2025

JSON object

Loading...
4.1
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Exploitability: 0.7 / Impact: 3.4
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.

Affected (8)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 6.4 to 6.6.22
Linux Kernel
From 6.7 to 6.7.10
Linux Kernel
Version 6.8 rc1
Linux Kernel
Version 6.8 rc2
Linux Kernel
Version 6.8 rc3
Linux Kernel
Version 6.8 rc4
Linux Kernel
Version 6.8 rc5
Linux Kernel
Version 6.8 rc6

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (6)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch

Timeline

No history available yet.