Main Vulnerability Database SB2024102916

SB2024102916 - Double free in Linux kernel pinctrl nuvoton driver

Published: October 29, 2024 Updated: May 12, 2025

Security Bulletin ID SB2024102916

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Double free (CVE-ID: CVE-2024-50071)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ma35_pinctrl_dt_node_to_map_func() function in drivers/pinctrl/nuvoton/pinctrl-ma35.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/6441d9c3d71b59c8fd27d4e381c7471a32ac1a68
https://git.kernel.org/stable/c/3fd976afe9743110f20a23f93b7ff9693f2be4bf
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.5
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12