CVE-2024-56573

MEDIUM

Linux kernel - Use After Free

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation that should be freed when cleaning up after a failure, so pass this instead to free_pool().

References (3)

[Patch] https://git.kernel.org/stable/c/06d39d79cbd5a91a33707951ebf2512d0e759847

[Patch] https://git.kernel.org/stable/c/d173aee5709bd0994d216d60589ec67f8b11376a

[Patch] https://git.kernel.org/stable/c/eaafbcf0a5782ae412ca7de12ef83fc48ccea4cf

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 16.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-763

Status published

Affected Products (3)

linux/linux_kernel < 6.6.64

linux/Kernel < 6.6.64linux

linux/Kernel < 6.12.4linux

Timeline

Published Dec 27, 2024

Tracked Since Feb 18, 2026