CVE-2024-26652
Published: March 28, 2024Last modified: March 28, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.1 |
| Attack Vector | PHYSICAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity impact | LOW |
| Availability impact | LOW |
| Vector | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Not affected (6.1.33-r0) |
| Stream | linux-lts | Fixed (6.6.58-r0) |