#VU93040 Double free in Linux kernel


Published: 2024-06-21

Vulnerability identifier: #VU93040

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38627

CWE-ID: CWE-415

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can trigger the double free and cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931
http://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695
http://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b
http://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36
http://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247
http://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20
http://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be
http://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

