Double Free in Linux kernel pinctrl driver



Published: 2024-06-03
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-36940
CWE-ID: CWE-415
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)

Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Double Free

EUVDB-ID: #VU90885

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36940

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error in the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can trigger it to cause a denial of service (DoS).

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d
http://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd
http://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068
http://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca
http://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e
http://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c
http://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba
http://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


