CVE-2024-56766Double Free in Linux

CWE-415Double Free15 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedJan 6
Latest updateApr 1

Description

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDlinux/linux_kernel4.19.3254.20+8
Debianlinux/linux_kernel< 5.10.234-1+3
CVEListV5linux/linux22fbbc37edb840fd420fadf670366be9bf028426ca9818554b0f33e87f38e4bfa2dac056692d46cc+14
debiandebian/linux< linux 6.1.123-1 (bookworm)
debiandebian/linux-6.1< linux 6.1.123-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

7
OSV
linux-raspi vulnerabilities2025-04-01
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-6.11, linux-oracle, linux-realtime vulnerabilities2025-03-27
OSV
linux-oem-6.11 vulnerabilities2025-03-27
OSV
linux-lowlatency vulnerabilities2025-03-27
OSV
linux-lowlatency-hwe-6.11 vulnerabilities2025-03-27

📋Vendor Advisories

7
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-04-01
Ubuntu
Linux kernel (Low Latency) vulnerabilities2025-03-27
Ubuntu
Linux kernel (Low Latency) vulnerabilities2025-03-27
Ubuntu
Linux kernel vulnerabilities2025-03-27
Ubuntu
Linux kernel (OEM) vulnerabilities2025-03-27