CVE-2024-46741

Published: Sep 18, 2024Modified: Sep 20, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix double free of 'buf' in error path smatch warning: drivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf' In fastrpc_req_mmap() error path, the fastrpc buffer is freed in fastrpc_req_munmap_impl() if unmap is successful. But in the end, there is an unconditional call to fastrpc_buf_free(). So the above case triggers the double free of fastrpc buf.

Affected (8)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.2 to 6.6.51
Linux Linux Kernel	From 6.7 to 6.10.10
Linux Linux Kernel	Version 6.11 rc1
Linux Linux Kernel	Version 6.11 rc2
Linux Linux Kernel	Version 6.11 rc3
Linux Linux Kernel	Version 6.11 rc4
Linux Linux Kernel	Version 6.11 rc5
Linux Linux Kernel	Version 6.11 rc6

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (3)

https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.