CVE-2024-36940

Updated: 2024-08-13 01:41:41.228794

Description:

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x LOW 2.3

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 2.3 LOW Ignored 2024-08-13 14:24:57
AlmaLinux 9.2 FIPS kernel 5.14.0 2.3 LOW Ignored 2024-08-13 14:24:57
CentOS 6 ELS kernel 2.6.32 2.3 LOW Ignored 2024-08-13 14:24:57
CentOS 7 ELS kernel 3.10.0 2.3 LOW Ignored 2024-08-13 14:24:57
CentOS 8.4 ELS kernel 4.18.0 2.3 LOW Released CLSA-2024:1725872696 2024-09-09 05:24:19
CentOS 8.5 ELS kernel 4.18.0 2.3 LOW Released CLSA-2024:1725876080 2024-09-09 12:14:22
CentOS Stream 8 ELS kernel 4.18.0 2.3 LOW Needs Triage 2024-08-13 02:02:53
CloudLinux 6 ELS kernel 2.6.32 2.3 LOW Ignored 2024-08-13 14:24:57
CloudLinux 7 ELS kernel 3.10.0 2.3 LOW Ignored 2024-08-13 14:24:57
Oracle Linux 6 ELS kernel 2.6.32 2.3 LOW Ignored 2024-08-13 14:24:57
Total: 13