CVE-2024-38627

Updated: 2024-09-09 22:39:53.840454

Description:

In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Needs Triage 2024-08-21 14:25:45
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Ignored 2024-08-13 14:24:42
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2024-09-11 14:25:09
CentOS 7 ELS kernel 3.10.0 7.8 HIGH In Testing 2024-09-13 03:34:17
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Ignored 2024-08-20 05:25:42
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Ignored 2024-08-20 05:25:42
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Ignored 2024-08-20 05:25:42
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2024-09-11 14:25:09
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Ignored 2024-08-13 14:24:42
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2024-09-11 14:25:09
Total: 13