CVE-2024-56746

fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() When information such as info->screen_base is not ready, calling
sh7760fb_free_mem() does not release memory correctly. Call
dma_free_coherent() instead.

In the Linux kernel, the following vulnerability has been resolved: fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() When information such as info->screen_base is not ready, calling sh7760fb_free_mem() does not release memory correctly. Call dma_free_coherent() instead.

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-12-29 CVE Reserved
2024-12-29 CVE Published
2025-03-30 EPSS Updated
2025-04-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/4a25e41831ee851c1365d8b41decc22493b18e6d	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce	2024-12-05
https://git.kernel.org/stable/c/d48cbfa90dce506030151915fa3346d67f964af4	2024-12-14
https://git.kernel.org/stable/c/29216bb390e36daeebef66abaa02d9751330252b	2024-12-14
https://git.kernel.org/stable/c/f4fbd70e15fafe36a7583954ce189aaf5536aeec	2024-12-14
https://git.kernel.org/stable/c/40f4326ed05a3b3537556ff2a844958b9e779a98	2024-12-14
https://git.kernel.org/stable/c/3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2	2024-12-09
https://git.kernel.org/stable/c/d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5	2024-12-05
https://git.kernel.org/stable/c/bad37309c8b8bf1cfc893750df0951a804009ca0	2024-12-05
https://git.kernel.org/stable/c/f89d17ae2ac42931be2a0153fecbf8533280c927	2024-11-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 4.19.325 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 4.19.325"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 5.4.287 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 5.4.287"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 5.10.231 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 5.10.231"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 5.15.174 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 5.15.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 6.1.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 6.6.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 6.6.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 6.11.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 6.11.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 6.12.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 6.12.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 6.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 6.13"		en		Affected