CVE-2024-46673

Updated: 2025-11-19 04:10:28.175993

Description:

In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure aac_probe_one() calls hardware-specific init functions through the aac_driver_ident::init pointer, all of which eventually call down to aac_init_adapter(). If aac_init_adapter() fails after allocating memory for aac_dev::queues, it frees the memory but does not clear that member. After the hardware-specific init function returns an error, aac_probe_one() goes down an error path that frees the memory pointed to by aac_dev::queues, resulting.in a double-free.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1743193221 2024-09-26 12:37:13
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2024:1728297376 2024-10-25 01:09:28
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2024:1727167500 2024-10-03 15:25:03
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1727690947 2024-09-30 10:49:41
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1727690025 2024-09-30 10:49:42
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1729874131 2024-10-25 14:34:16
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Ignored 2024-10-09 03:45:45
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Ignored 2025-01-10 22:43:36 CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo...
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2024:1728298943 2024-10-07 10:51:28
Oracle Linux 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1742322442 2025-03-25 03:29:36
Total: 15