CVE-2024-50055

high

Description

In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register() For bus_register(), any error which happens after kset_register() will cause that @priv are freed twice, fixed by setting @priv with NULL after the first free.

References

https://git.kernel.org/stable/c/d885c464c25018b81a6b58f5d548fc2e3ef87dd1

https://git.kernel.org/stable/c/bfa54a793ba77ef696755b66f3ac4ed00c7d1248

https://git.kernel.org/stable/c/9ce15f68abedfae7ae0a35e95895aeddfd0f0c6a

Details

Source: Mitre, NVD

Published: 2024-10-21

Updated: 2024-10-23

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High