CVE-2024-50159
firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
Clang static checker(scan-build) throws below warning:
| drivers/firmware/arm_scmi/driver.c:line 2915, column 2
| Attempt to free released memory.
When devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup()
will run twice which causes double free of 'dbg->name'.
Remove the redundant scmi_debugfs_common_cleanup() to fix this problem.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scmi: Se corrige la doble liberación en scmi_debugfs_common_setup() El verificador estático de Clang (scan-build) arroja la siguiente advertencia: | drivers/firmware/arm_scmi/driver.c:line 2915, column 2 | Intenta liberar la memoria liberada. Cuando devm_add_action_or_reset() falla, scmi_debugfs_common_cleanup() se ejecutará dos veces, lo que provoca una doble liberación de 'dbg->name'. Elimina el scmi_debugfs_common_cleanup() redundante para solucionar este problema.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-10-21 CVE Reserved
- 2024-11-07 CVE Published
- 2024-11-07 CVE Updated
- ---------- EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/c3d4aed763ce4a39f8ed36c7b7cd9a6a35971329 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.6.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.6.59" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.11.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.11.6" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.12-rc4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.12-rc4" | en |
Affected
|