CVE-2024-36959

pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference
count we just took. Because the pinctrl_dt_free_maps() includes the
droping operation, here we call it directly.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: pinctrl: devicetree: corrige la fuga de recuento de referencia en pinctrl_dt_to_map() Si no asignamos el búfer de nombre de propiedad, debemos eliminar el recuento de referencias que acabamos de tomar. Debido a que pinctrl_dt_free_maps() incluye la operación de eliminación, aquí la llamamos directamente.

In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we call it directly.

Benedict SchlÃ¼ter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-30 CVE Reserved
2024-05-30 CVE Published
2024-12-19 CVE Updated
2025-03-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (18)

URL	Tag	Source
https://git.kernel.org/stable/c/a988dcd3dd9e691c5ccc3324b209688f3b5453e9	Vuln. Introduced
https://git.kernel.org/stable/c/040f726fecd88121f3b95e70369785ad452dddf9	Vuln. Introduced
https://git.kernel.org/stable/c/777430aa4ddccaa5accec6db90ffc1d47f00d471	Vuln. Introduced
https://git.kernel.org/stable/c/97e5b508e96176f1a73888ed89df396d7041bfcb	Vuln. Introduced
https://git.kernel.org/stable/c/91d5c5060ee24fe8da88cd585bb43b843d2f0dce	Vuln. Introduced
https://git.kernel.org/stable/c/aaf552c5d53abe4659176e099575fe870d2e4768	Vuln. Introduced
https://git.kernel.org/stable/c/b4d9f55cd38435358bc16d580612bc0d798d7b4c	Vuln. Introduced
https://git.kernel.org/stable/c/5834a3a98cd266ad35a229923c0adbd0addc8d68	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/06780473cb8a858d1d6cab2673e021b072a852d1	2024-05-17
https://git.kernel.org/stable/c/47d253c485491caaf70d8cd8c0248ae26e42581f	2024-05-17
https://git.kernel.org/stable/c/35ab679e8bb5a81a4f922d3efbd43e32bce69274	2024-05-17
https://git.kernel.org/stable/c/76aa2440deb9a35507590f2c981a69a57ecd305d	2024-05-17
https://git.kernel.org/stable/c/518d5ddafeb084d6d9b1773ed85164300037d0e6	2024-05-17
https://git.kernel.org/stable/c/026e24cf31733dbd97f41cc9bc5273ace428eeec	2024-05-17
https://git.kernel.org/stable/c/c7e02ccc9fdc496fe51e440e3e66ac36509ca049	2024-05-17
https://git.kernel.org/stable/c/a0cedbcc8852d6c77b00634b81e41f17f29d9404	2024-04-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.267 < 4.19.314 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.267 < 4.19.314"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.225 < 5.4.276 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.225 < 5.4.276"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.156 < 5.10.217 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.156 < 5.10.217"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.80 < 5.15.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.80 < 5.15.159"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.1.91"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.6.31"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.8.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.9.334 Search vendor "Linux" for product "Linux Kernel" and version "4.9.334"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.300 Search vendor "Linux" for product "Linux Kernel" and version "4.14.300"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.0.10 Search vendor "Linux" for product "Linux Kernel" and version "6.0.10"		en		Affected