← back
CVE-2024-26652

net: pds_core: Fix possible double free in error handling path

CVSS 4.1 MEDIUMEPSS 0.3%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Mar 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected products
Linux · Linux

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://git.kernel.org/stable/c/995f802abff209514ac2ee03b96224237646cec3https://git.kernel.org/stable/c/ba18deddd6d502da71fd6b6143c53042271b82bdhttps://git.kernel.org/stable/c/ffda0e962f270b3ec937660afd15b685263232d3