6.12

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

linux

CWE-415

NVD

Published: 2024-10-29

Updated: 2024-10-30

Summary

In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func() 'new_map' is allocated using devm_* which takes care of freeing the allocated data on device removal, call to .dt_free_map = pinconf_generic_dt_free_map double frees the map as pinconf_generic_dt_free_map() calls pinctrl_utils_free_map(). Fix this by using kcalloc() instead of auto-managed devm_kcalloc().

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 6.12 Linux Linux Kernel 6.11	11

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://git.kernel.org/stable/c/6441d9c3d71b59c8fd27d4e381c7471a32ac1a68
https://git.kernel.org/stable/c/3fd976afe9743110f20a23f93b7ff9693f2be4bf