Linux Kernel pinctrl doublefree in pinctrl_enable(): CVE-2024-36940 May 2024

Linux Kernel pinctrl doublefree in pinctrl_enable()
CVE-2024-36940 Published on May 30, 2024

pinctrl: core: delete incorrect free in pinctrl_enable()
In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.

Products Associated with CVE-2024-36940

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-36940 are published in these products:

Affected Versions

Version 6118714275f0a313ecc296a87ed1af32d9691bed and below 735f4c6b6771eafe336404c157ca683ad72a040d is affected.

Version 6118714275f0a313ecc296a87ed1af32d9691bed and below cdaa171473d98962ae86f2a663d398fda2fbeefd is affected.

Version 6118714275f0a313ecc296a87ed1af32d9691bed and below 288bc4aa75f150d6f1ee82dd43c6da1b438b6068 is affected.

Version 6118714275f0a313ecc296a87ed1af32d9691bed and below 41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca is affected.

Version 6118714275f0a313ecc296a87ed1af32d9691bed and below ac7d65795827dc0cf7662384ed27caf4066bd72e is affected.

Version 6118714275f0a313ecc296a87ed1af32d9691bed and below 558c8039fdf596a584a92c171cbf3298919c448c is affected.

Version 6118714275f0a313ecc296a87ed1af32d9691bed and below f9f1e321d53e4c5b666b66e5b43da29841fb55ba is affected.

Version 6118714275f0a313ecc296a87ed1af32d9691bed and below 5038a66dad0199de60e5671603ea6623eb9e5c79 is affected.

Version 4.11 is affected.

Before 4.11 is unaffected.

Version 4.19.314, <= 4.19.* is unaffected.

Version 5.4.276, <= 5.4.* is unaffected.

Version 5.10.217, <= 5.10.* is unaffected.

Version 5.15.159, <= 5.15.* is unaffected.

Version 6.1.91, <= 6.1.* is unaffected.

Version 6.6.31, <= 6.6.* is unaffected.

Version 6.8.10, <= 6.8.* is unaffected.

Version 6.9, <= * is unaffected.

Before V3.1 is affected.

Before * is unaffected.

Before V3.1 is affected.

Before * is affected.

Exploit Probability

EPSS

0.02%

Percentile

6.54%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Linux Kernel pinctrl doublefree in pinctrl_enable()CVE-2024-36940 Published on May 30, 2024

Products Associated with CVE-2024-36940

Affected Versions

Exploit Probability

Linux Kernel pinctrl doublefree in pinctrl_enable()
CVE-2024-36940 Published on May 30, 2024