CVE-2024-36940

Updated: 2026-02-27 02:14:36.876395

Description:

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1743193221 2025-02-22 01:19:02
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2025-09-28 00:12:24 Not affected: this flaw is a double‑free in the kernel pinctrl core that exists only in upstream k...
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Not Vulnerable 2025-09-16 14:03:16 Not affected: The double-free fixed by CVE-2024-36940 was introduced by commit 6118714275f0 (“pinc...
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1725872696 2024-09-09 05:24:19
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1725876080 2024-09-09 12:14:22
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2026:1770032032 2026-02-02 16:29:54
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Ignored 2025-09-23 10:51:00 Postponed until request or high risk detected
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Ignored 2025-09-23 10:50:56 Postponed until request or high risk detected
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2025-11-02 11:04:52 Not affected: this flaw is a double‑free in the kernel pinctrl core that exists only in upstream k...
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Released CLSA-2024:1723808285 2024-08-16 12:13:17
Total: 12