CVE-2024-50197
pinctrl: intel: platform: fix error path in device_for_each_child_node()
Severity Score
"-"
*CVSS v-
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: intel: platform: fix error path in device_for_each_child_node()
The device_for_each_child_node() loop requires calls to
fwnode_handle_put() upon early returns to decrement the refcount of
the child node and avoid leaking memory if that error path is triggered.
There is one early returns within that loop in
intel_platform_pinctrl_prepare_community(), but fwnode_handle_put() is
missing.
Instead of adding the missing call, the scoped version of the loop can
be used to simplify the code and avoid mistakes in the future if new
early returns are added, as the child node is only used for parsing, and
it is never assigned.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-10-21 CVE Reserved
- 2024-11-08 CVE Published
- 2024-11-08 CVE Updated
- ---------- EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/c5860e4a2737a8b29dc426c800d01c5be6aad811 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/stable/c/be3f7b9f995a6c2ee02767a0319929a2a98adf69 | 2024-10-22 | |
| https://git.kernel.org/stable/c/16a6d2e685e8f9a2f51dd5a363d3f97fcad35e22 | 2024-09-30 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.8 < 6.11.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.11.5" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.8 < 6.12-rc4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.12-rc4" | en |
Affected
| ||||||