#VU102194 Double free in Linux kernel - CVE-2024-53191

Cybersecurity Help s.r.o.

Published: 2024-12-30 | Updated: 2025-05-11

Vulnerability identifier: #VU102194

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53191

CWE-ID: CWE-415

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ath12k_dp_free() function in drivers/net/wireless/ath/ath12k/dp.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.6, 6.6 rc1, 6.6 rc2, 6.6 rc3, 6.6 rc4, 6.6 rc5, 6.6 rc6, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 6.6.13, 6.6.14, 6.6.15, 6.6.16, 6.6.17, 6.6.18, 6.6.19, 6.6.20, 6.6.21, 6.6.22, 6.6.23, 6.6.24, 6.6.25, 6.6.26, 6.6.27, 6.6.28, 6.6.29, 6.6.30, 6.6.31, 6.6.32, 6.6.33, 6.6.34, 6.6.35, 6.6.36, 6.6.37, 6.6.38, 6.6.39, 6.6.40, 6.6.41, 6.6.42, 6.6.43, 6.6.44, 6.6.45, 6.6.46, 6.6.47, 6.6.48, 6.6.49, 6.6.50, 6.6.51, 6.6.52, 6.6.53, 6.6.54, 6.6.55, 6.6.56, 6.6.57, 6.6.58, 6.6.59, 6.6.60, 6.6.61, 6.6.62, 6.6.63, 6.11, 6.11.1, 6.11.2, 6.11.3, 6.11.4, 6.11.5, 6.11.6, 6.11.7, 6.11.8, 6.11.9, 6.11.10, 6.12, 6.12.1

External links
https://git.kernel.org/stable/c/223b546c6222d42147eff034433002ca5e2e7e09
https://git.kernel.org/stable/c/90556b96338aa6037cd26dac857327fda7c19732
https://git.kernel.org/stable/c/94c9100b600f05a36b33f9ed76dbd6fb0eb25386
https://git.kernel.org/stable/c/ca68ce0d9f4bcd032fd1334441175ae399642a06
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.2
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.64

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-azure-nvidia

Dell APEX Cloud Platform for Red Hat OpenShift update for third-party components

Ubuntu update for linux-hwe-6.8

Ubuntu update for linux-realtime

Ubuntu update for linux-aws-6.8

Ubuntu update for linux-gcp-6.8

Ubuntu update for linux

Ubuntu update for linux-gcp

Dell SmartFabric Manager update for third-party components

Ubuntu update for linux-oem-6.11