CVE-2024-26652

net: pds_core: Fix possible double free in error handling path

CVSS 4.1 MEDIUMEPSS 0.3%

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 4.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

27 mar 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Productos afectados

Linux · Linux

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://git.kernel.org/stable/c/995f802abff209514ac2ee03b96224237646cec3 https://git.kernel.org/stable/c/ba18deddd6d502da71fd6b6143c53042271b82bd https://git.kernel.org/stable/c/ffda0e962f270b3ec937660afd15b685263232d3