CVE-2024-58055

HIGH

Linux Kernel < 5.4.291 - Double Free

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Don't free command immediately Don't prematurely free the command. Wait for the status completion of the sense status. It can be freed then. Otherwise we will double-free the command.

References (10)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

[Patch] https://git.kernel.org/stable/c/16907219ad6763f401700e1b57b2da4f3e07f047

[Patch] https://git.kernel.org/stable/c/38229c35a6d7875697dfb293356407330cfcd23e

[Patch] https://git.kernel.org/stable/c/7cb72dc08ed8da60fd6d1f6adf13bf0e6ee0f694

[Patch] https://git.kernel.org/stable/c/929b69810eec132b284ffd19047a85d961df9e4d

[Patch] https://git.kernel.org/stable/c/bbb7f49839b57d66ccaf7b5752d9b63d3031dd0a

[Patch] https://git.kernel.org/stable/c/c225d006a31949d673e646d585d9569bc28feeb9

[Patch] https://git.kernel.org/stable/c/e6693595bd1b55af62d057a4136a89d5c2ddf0e9

[Patch] https://git.kernel.org/stable/c/f0c33e7d387ccbb6870e73a43c558fefede06614

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-415

Status published

Products (8)

linux/Kernel 4.6.0 - 5.4.291linux

linux/Kernel 5.11.0 - 5.15.179linux

linux/Kernel 5.16.0 - 6.1.129linux

linux/Kernel 5.5.0 - 5.10.235linux

linux/Kernel 6.13.0 - 6.13.2linux

linux/Kernel 6.2.0 - 6.6.76linux

linux/Kernel 6.7.0 - 6.12.13linux

linux/linux_kernel 4.6 - 5.4.291

Published Mar 06, 2025

Tracked Since Feb 18, 2026