CVE-2024-50159

high

Description

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()

Clang static checker (scan-build) throws below warning:

| drivers/firmware/arm_scmi/driver.c:line 2915, column 2
| Attempt to free released memory.

When devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup() will run twice which causes double free of 'dbg->name'. Remove the redundant scmi_debugfs_common_cleanup() to fix this problem.
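The failure path described above, modelled in userspace C as an added example (this is not the kernel's driver.c code). The names add_action_or_reset(), dbg_cleanup() and setup() are hypothetical stand-ins for devm_add_action_or_reset(), scmi_debugfs_common_cleanup() and scmi_debugfs_common_setup(); releases are counted instead of actually freeing twice.

```c
/* Userspace model (constructed for illustration), not kernel code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct dbg_info { char *name; int frees; };  /* stand-in for the SCMI debug struct */

/* Stand-in for scmi_debugfs_common_cleanup(): releases dbg->name. */
static void dbg_cleanup(void *data)
{
    struct dbg_info *dbg = data;

    if (dbg->frees++ == 0)   /* count every release, perform only the first */
        free(dbg->name);     /* a second real free() here is the double free */
}

/* Model of devm_add_action_or_reset(): when registration fails it runs
 * action(data) itself before returning the error to the caller. */
static int add_action_or_reset(int fail, void (*action)(void *), void *data)
{
    if (fail) {
        action(data);
        return -1;           /* constructed error code */
    }
    return 0;                /* registered; action runs later at teardown */
}

/* Returns how many times dbg->name was released for one setup attempt. */
static int setup(int fail_register, int redundant_cleanup)
{
    struct dbg_info dbg = { .name = malloc(16), .frees = 0 };
    int ret;

    if (dbg.name)
        strcpy(dbg.name, "scmi-dev");
    ret = add_action_or_reset(fail_register, dbg_cleanup, &dbg);
    if (ret && redundant_cleanup)
        dbg_cleanup(&dbg);   /* pre-fix error path: cleanup runs a second time */
    if (!ret)
        dbg_cleanup(&dbg);   /* model only: the deferred teardown on success */
    return dbg.frees;
}

int main(void)
{
    printf("pre-fix, registration fails: %d releases\n", setup(1, 1));
    printf("fixed,   registration fails: %d releases\n", setup(1, 0));
    return 0;
}
```

When auditing other callers of devm_add_action_or_reset(), the same check applies: the error branch after it must not call the registered action again.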

References

https://git.kernel.org/stable/c/fb324fdaf546bf14bc4c17e0037bca6cb952b121

https://git.kernel.org/stable/c/6d91d07913aee90556362d648d6a28a1eda419dc

https://git.kernel.org/stable/c/39b13dce1a91cdfc3bec9238f9e89094551bd428

Details

Source: Mitre, NVD

Published: 2024-11-07

Updated: 2024-11-19

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High