CVE-2024-50055

HIGH

Linux kernel - Buffer Overflow

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register() For bus_register(), any error which happens after kset_register() will cause that @priv are freed twice, fixed by setting @priv with NULL after the first free.

References (5)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

[Patch] https://git.kernel.org/stable/c/9ce15f68abedfae7ae0a35e95895aeddfd0f0c6a

[Patch] https://git.kernel.org/stable/c/bfa54a793ba77ef696755b66f3ac4ed00c7d1248

[Patch] https://git.kernel.org/stable/c/d885c464c25018b81a6b58f5d548fc2e3ef87dd1

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 5.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-415

Status published

Products (3)

linux/Kernel 6.3.0 - 6.6.57linux

linux/Kernel 6.7.0 - 6.11.4linux

linux/linux_kernel < 6.6.57

Published Oct 21, 2024

Tracked Since Feb 18, 2026