CVE-2024-49986

HIGH

Linux Kernel 5.17-6.6.54, 6.1-6.1.117, 6.2-6.6.54, 6.7-6.10.13, 6.11-6.11.2 - Use-After-Free in x86-android-tablets

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors x86_android_tablet_remove() frees the pdevs[] array, so it should not be used after calling x86_android_tablet_remove(). When platform_device_register() fails, store the pdevs[x] PTR_ERR() value into the local ret variable before calling x86_android_tablet_remove() to avoid using pdevs[] after it has been freed.

References (6)

Core 6

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Patch

https://git.kernel.org/stable/c/ba0b09a2f327319e252d8f3032019b958c0a5cd9

Patch

https://git.kernel.org/stable/c/aac871e493fc8809e60209d9899b1af07e9dbfc8

Patch

https://git.kernel.org/stable/c/f08adc5177bd4343df09033f62ab562c09ba7f7d

Patch

https://git.kernel.org/stable/c/73a98cf79e4dbfa3d0c363e826c65aae089b313c

Patch

https://git.kernel.org/stable/c/2fae3129c0c08e72b1fe93e61fd8fd203252094a

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 16.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (19)

debian/debian_linux 11.0

linux/Kernel 5.17.0 - 6.1.118linux

linux/Kernel 6.11.0 - 6.11.3linux

linux/Kernel 6.2.0 - 6.6.55linux

linux/Kernel 6.7.0 - 6.10.14linux

Linux/Linux < 5.17

Linux/Linux 5.17

Linux/Linux 5eba0141206ea521bbcfcf5067c174e825e943dd - 2fae3129c0c08e72b1fe93e61fd8fd203252094a

Linux/Linux 5eba0141206ea521bbcfcf5067c174e825e943dd - 73a98cf79e4dbfa3d0c363e826c65aae089b313c

Linux/Linux 5eba0141206ea521bbcfcf5067c174e825e943dd - aac871e493fc8809e60209d9899b1af07e9dbfc8

... and 9 more

Published Oct 21, 2024

Tracked Since Feb 18, 2026