Lucene search
LinuxCVELIST:CVE-2024-26653HistoryApr 01, 2024 - 8:33 a.m.
CVE-2024-26653 usb: misc: ljca: Fix double free in error handling path
2024-04-0108:33:04
Linux
www.cve.org
linux kernel
ljca
double free
error handling path
kfree
platform data
In the Linux kernel, the following vulnerability has been resolved:
usb: misc: ljca: Fix double free in error handling path
When auxiliary_device_add() returns error and then calls
auxiliary_device_uninit(), callback function ljca_auxdev_release
calls kfree(auxdev->dev.platform_data) to free the parameter data
of the function ljca_new_client_device. The callers of
ljca_new_client_device shouldn’t call kfree() again
in the error handling path to free the platform data.
Fix this by cleaning up the redundant kfree() in all callers and
adding kfree() the passed in platform_data on errors which happen
before auxiliary_device_init() succeeds .
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/usb/misc/usb-ljca.c"
],
"versions": [
{
"version": "acd6199f195d",
"lessThan": "420babea4f18",
"status": "affected",
"versionType": "git"
},
{
"version": "acd6199f195d",
"lessThan": "8a9f653cc852",
"status": "affected",
"versionType": "git"
},
{
"version": "acd6199f195d",
"lessThan": "7c9631969287",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/usb/misc/usb-ljca.c"
],
"versions": [
{
"version": "6.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.12",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.3",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]Related
redhatcve
redhatcve
CVE-2024-26653
2024-04-01 09:26:02
debiancve
debiancve
CVE-2024-26653
2024-04-01 09:15:51
ubuntucve
ubuntucve
CVE-2024-26653
2024-04-01 00:00:00
nvd
nvd
CVE-2024-26653
2024-04-01 09:15:51
cve
cve
CVE-2024-26653
2024-04-01 09:15:51
openvas
openvas
Ubuntu: Security Advisory (USN-6817-3)
2024-06-17 00:00:00
Ubuntu: Security Advisory (USN-6817-1)
2024-06-10 00:00:00
Ubuntu: Security Advisory (USN-6817-2)
2024-06-11 00:00:00
osv
osv
linux-aws, linux-gcp vulnerabilities
2024-06-07 18:49:30
linux, linux-ibm, linux-lowlatency, linux-raspi vulnerabilities
2024-06-07 18:18:31
linux-azure, linux-gke vulnerabilities
2024-06-14 17:24:38
nessus
nessus
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)
2024-06-14 00:00:00
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6816-1)
2024-06-07 00:00:00
Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6817-2)
2024-06-10 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-06-07 00:00:00
Linux kernel vulnerabilities
2024-06-07 00:00:00
Linux kernel (OEM) vulnerabilities
2024-06-11 00:00:00