CVE-2024-40932

MEDIUM

Linux Kernel < 4.19.317, 4.20.0-6.9.6 - Use-After-Free in DRM Exynos VIDI

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/exynos/vidi: fix memory leak in .get_modes() The duplicated EDID is never freed. Fix it.

References (9)

Core 9

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Patch

https://git.kernel.org/stable/c/540ca99729e28dbe902b01039a3b4bd74520a819

Patch

https://git.kernel.org/stable/c/ebcf81504fef03f701b9711e43fea4fe2d82ebc8

Patch

https://git.kernel.org/stable/c/0acc356da8546b5c55aabfc2e2c5caa0ac9b0003

Patch

https://git.kernel.org/stable/c/777838c9b571674ef14dbddf671f372265879226

Patch

https://git.kernel.org/stable/c/dcba6bedb439581145d8aa6b0925209f23184ae1

Patch

https://git.kernel.org/stable/c/a269c5701244db2722ae0fce5d1854f5d8f31224

Patch

https://git.kernel.org/stable/c/cb3ac233434dba130281db330c4b15665b2d2c4d

Patch

https://git.kernel.org/stable/c/38e3825631b1f314b21e3ade00b5a4d737eb054e

Scores

CVSS v3 5.5

EPSS 0.0026

EPSS Percentile 17.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (27)

linux/Kernel 3.15.0 - 4.19.317linux

linux/Kernel 4.20.0 - 5.4.279linux

linux/Kernel 5.11.0 - 5.15.162linux

linux/Kernel 5.16.0 - 6.1.95linux

linux/Kernel 5.5.0 - 5.10.221linux

linux/Kernel 6.2.0 - 6.6.35linux

linux/Kernel 6.7.0 - 6.9.6linux

Linux/Linux < 3.15

Linux/Linux 3.15

Linux/Linux 4.19.317 - 4.19.*

... and 17 more

Published Jul 12, 2024

Tracked Since Feb 18, 2026