CVE-2024-35847

Updated: 2024-07-14 04:30:00.166413

Description:

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully allocating at least one interrupt. This happens because its_vpe_irq_domain_free() frees the interrupts along with the area bitmap and the vprop_page and its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the vprop_page again. Fix this by unconditionally invoking its_vpe_irq_domain_free() which handles all cases correctly and by removing the bitmap/vprop_page freeing from its_vpe_irq_domain_alloc(). [ tglx: Massaged change log ]


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Ignored 2024-08-13 14:25:28
AlmaLinux 9.2 FIPS kernel 5.14.0 5.5 MEDIUM Ignored 2024-08-13 14:25:28
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-13 14:25:28
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-08-13 14:25:28
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-20 12:20:22
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-20 12:20:23
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-20 12:20:22
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-13 14:25:28
CloudLinux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-08-13 14:25:26
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-13 14:25:26
Total: 13