CVE-2024-42069

medium

Description

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function adev_release calls kfree(madev). We shouldn't call kfree(madev) again in the error handling path. Set 'madev' to NULL.

References

https://git.kernel.org/stable/c/ed45c0a0b662079d4c0e518014cc148c753979b4

https://git.kernel.org/stable/c/3243e64eb4d897c3eeb48b2a7221ab5a95e1282a

https://git.kernel.org/stable/c/1864b8224195d0e43ddb92a8151f54f6562090cc

Details

Source: Mitre, NVD

Published: 2024-07-29

Updated: 2024-07-30

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium