CVE-2024-56573

MEDIUM

Linux kernel - Use After Free

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation that should be freed when cleaning up after a failure, so pass this instead to free_pool().

References (3)

[Patch] https://git.kernel.org/stable/c/06d39d79cbd5a91a33707951ebf2512d0e759847

[Patch] https://git.kernel.org/stable/c/d173aee5709bd0994d216d60589ec67f8b11376a

[Patch] https://git.kernel.org/stable/c/eaafbcf0a5782ae412ca7de12ef83fc48ccea4cf

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-763

Status published

Products (3)

linux/Kernel 6.2.0 - 6.6.64linux

linux/Kernel 6.7.0 - 6.12.4linux

linux/linux_kernel 6.2 - 6.6.64

Published Dec 27, 2024

Tracked Since Feb 18, 2026