CVE-2024-26652

net: pds_core: Fix possible double free in error handling path

CVSS 4.1 MEDIUMEPSS 0.3%

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

27 mar 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Produtos afetados

Linux · Linux

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://git.kernel.org/stable/c/995f802abff209514ac2ee03b96224237646cec3 https://git.kernel.org/stable/c/ba18deddd6d502da71fd6b6143c53042271b82bd https://git.kernel.org/stable/c/ffda0e962f270b3ec937660afd15b685263232d3