CVE-2024-42147

HIGH

Linux Kernel < 6.1.98 - Double Free

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/debugfs - Fix debugfs uninit process issue During the zip probe process, the debugfs failure does not stop the probe. When debugfs initialization fails, jumping to the error branch will also release regs, in addition to its own rollback operation. As a result, it may be released repeatedly during the regs uninit process. Therefore, the null check needs to be added to the regs uninit process.

References (5)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

[Patch] https://git.kernel.org/stable/c/7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e

[Patch] https://git.kernel.org/stable/c/8be0913389718e8d27c4f1d4537b5e1b99ed7739

[Patch] https://git.kernel.org/stable/c/e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3

[Patch] https://git.kernel.org/stable/c/eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-415

Status published

Products (4)

linux/Kernel 5.4.0 - 6.1.98linux

linux/Kernel 6.2.0 - 6.6.39linux

linux/Kernel 6.7.0 - 6.9.9linux

linux/linux_kernel < 6.1.98

Published Jul 30, 2024

Tracked Since Feb 18, 2026