CVE-2024-53191
HIGHLinux Kernel < 6.6.64 - Double Free
Title source: ruleDescription
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix warning when unbinding If there is an error during some initialization related to firmware, the buffers dp->tx_ring[i].tx_status are released. However this is released again when the device is unbinded (ath12k_pci), and we get: WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80 Call Trace: free_large_kmalloc ath12k_dp_free ath12k_core_deinit ath12k_pci_remove ... The issue is always reproducible from a VM because the MSI addressing initialization is failing. In order to fix the issue, just set the buffers to NULL after releasing in order to avoid the double free.
References (4)
Scores
CVSS v3
7.8
EPSS
0.0001
EPSS Percentile
2.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-415
Status
published
Affected Products (4)
linux/linux_kernel
< 6.6.64
linux/Kernel
< 6.6.64linux
linux/Kernel
< 6.11.11linux
linux/Kernel
< 6.12.2linux
Timeline
Published
Dec 27, 2024
Tracked Since
Feb 18, 2026