CVE-2024-56766

mtd: rawnand: fix double free in atmel_pmecc_create_user()

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to
being allocated by devm_kzalloc(). Calling kfree(user) will lead to a
double free.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: rawnand: se corrige una liberación doble en atmel_pmecc_create_user(). El puntero "usuario" pasó de estar asignado con kzalloc() a estar asignado por devm_kzalloc(). Llamar a kfree(user) provocará una liberación doble.

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-29 CVE Reserved
2025-01-06 CVE Published
2025-01-06 CVE Updated
2025-01-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/24cbc37e837fd9e31e5024480b779207d1d99f1d	Vuln. Introduced
https://git.kernel.org/stable/c/f1290871c8aaeb13029390a2b6e5c05733a1be6f	Vuln. Introduced
https://git.kernel.org/stable/c/8ac19ec818c548c5788da5926dcc8af96fad4bb1	Vuln. Introduced
https://git.kernel.org/stable/c/6d734f1bfc336aaea91313a5632f2f197608fadd	Vuln. Introduced
https://git.kernel.org/stable/c/2014fcea19ec27df033359a0f42db0e8ed4290a8	Vuln. Introduced
https://git.kernel.org/stable/c/22fbbc37edb840fd420fadf670366be9bf028426	Vuln. Introduced
https://git.kernel.org/stable/c/54cb5fa850f9306d84e49a3db44b7a7eb5536cd1	Vuln. Introduced
https://git.kernel.org/stable/c/5fe7709251e334cc27618473299c48340cecd3c8	Vuln. Introduced
https://git.kernel.org/stable/c/bdd11a04d102f8310812aa7cec39545fdd6662d1	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/6ea15205d7e2b811fbbdf79783f686f58abfb4b7	2025-01-02
https://git.kernel.org/stable/c/dd45c87782738715d5e7c167f8dabf0814a7394a	2025-01-02
https://git.kernel.org/stable/c/d2f090ea57f8d6587e09d4066f740a8617767b3d	2025-01-02
https://git.kernel.org/stable/c/d8e4771f99c0400a1873235704b28bb803c83d17	2024-12-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.120 < 6.1.123 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.120 < 6.1.123"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.64 < 6.6.69 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.64 < 6.6.69"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.12.2 < 6.12.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.12.2 < 6.12.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.13-rc1 < 6.13-rc5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.13-rc1 < 6.13-rc5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.325 Search vendor "Linux" for product "Linux Kernel" and version "4.19.325"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.4.287 Search vendor "Linux" for product "Linux Kernel" and version "5.4.287"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.231 Search vendor "Linux" for product "Linux Kernel" and version "5.10.231"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15.174 Search vendor "Linux" for product "Linux Kernel" and version "5.15.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.11.11 Search vendor "Linux" for product "Linux Kernel" and version "6.11.11"		en		Affected