CVE-2024-26652

MEDIUM

Linux Kernel 6.4-6.6.21, 6.7-6.7.9 - Use-After-Free in pds_core Error Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

net: pds_core: Fix possible double free in error handling path

When auxiliary_device_add() returns an error and then calls auxiliary_device_uninit(), the callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path.

Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.
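The ownership rule behind this fix, as an added userspace C model (not the kernel's or the pds_core driver's code): the `model_*` names and `try_register()` are assumptions standing in for the functions named in the description, and `model_kfree()` only counts calls so the second free can be observed without corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model (assumption): these types and model_* helpers are stand-ins,
 * not the kernel's auxiliary bus API or the pds_core source. */
struct model_auxdev { void (*release)(struct model_auxdev *); };
struct model_padev  { struct model_auxdev aux_dev; int id; };

static int kfree_calls;   /* how many times "kfree(padev)" ran */

/* Counts instead of freeing, so a second call is observable without
 * corrupting the heap; the real free() happens once in try_register(). */
static void model_kfree(void *p) { (void)p; kfree_calls++; }

/* Stand-in for pdsc_auxbus_dev_release(): the release callback owns padev. */
static void model_release(struct model_auxdev *dev)
{
    model_kfree((struct model_padev *)dev);   /* aux_dev is the first member */
}

/* Stand-in for auxiliary_device_uninit(): dropping the last reference
 * invokes the release callback. */
static void model_uninit(struct model_auxdev *dev) { dev->release(dev); }

/* Stand-in for auxiliary_device_add() with a forced result. */
static int model_add(struct model_auxdev *dev, int fail) { (void)dev; return fail ? -1 : 0; }

/* Returns the number of kfree(padev) calls made on the error path. */
static int try_register(int add_fails, int redundant_kfree)
{
    struct model_padev *padev = calloc(1, sizeof(*padev));
    int calls = 0;
    if (!padev) return -1;
    kfree_calls = 0;
    padev->aux_dev.release = model_release;
    if (model_add(&padev->aux_dev, add_fails)) {
        model_uninit(&padev->aux_dev);        /* release callback frees padev */
        if (redundant_kfree)
            model_kfree(padev);               /* pre-fix pattern: second free */
        calls = kfree_calls;
    }
    free(padev);                              /* single real free for the model */
    return calls;
}

int main(void)
{
    printf("pre-fix error path: %d frees\n", try_register(1, 1));
    printf("fixed error path:   %d frees\n", try_register(1, 0));
    return 0;
}
```

Once the release callback is attached, the error path after a failed add must free the object only through the uninit call; a count of two on that path is the CWE-415 condition this record describes.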

Scores

CVSS v3 4.1
EPSS 0.0030
EPSS Percentile 21.5%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-415
Status published
Products (12)
linux/Kernel 6.4.0 - 6.6.22
linux/Kernel 6.7.0 - 6.7.10
Linux/Linux < 6.4
Linux/Linux 4569cce43bc61e4cdd76597a1cf9b608846c18cc - 995f802abff209514ac2ee03b96224237646cec3
Linux/Linux 4569cce43bc61e4cdd76597a1cf9b608846c18cc - ba18deddd6d502da71fd6b6143c53042271b82bd
Linux/Linux 4569cce43bc61e4cdd76597a1cf9b608846c18cc - ffda0e962f270b3ec937660afd15b685263232d3
Linux/Linux 6.4
Linux/Linux 6.6.22 - 6.6.*
Linux/Linux 6.7.10 - 6.7.*
Linux/Linux 6.8
... and 2 more
Published Mar 27, 2024
Tracked Since Feb 18, 2026