In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: st: fix probed platform device ref count on probe error path
The probe function never performs any platform device allocation, thus
error path "undo_platform_dev_alloc" is entirely bogus. It drops the
reference count from the platform device being probed. If error path is
triggered, this will lead to unbalanced device reference counts and
premature release of device resources, thus possible use-after-free when
releasing remaining devm-managed resources.
History
13 Sep 2024, 16:51
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown v3 : 7.8 |
First Time | Linux linux Kernel Linux | |
References | () https://git.kernel.org/stable/c/060f41243ad7f6f5249fa7290dda0c01f723d12d - Patch | |
References | () https://git.kernel.org/stable/c/1de989668708ce5875efc9d669d227212aeb9a90 - Patch | |
References | () https://git.kernel.org/stable/c/4c6735299540f3c82a5033d35be76a5c42e0fb18 - Patch | |
References | () https://git.kernel.org/stable/c/6aee4c5635d81f4809c3b9f0c198a65adfbb2ada - Patch | |
References | () https://git.kernel.org/stable/c/b0979a885b9d4df2a25b88e9d444ccaa5f9f495c - Patch | |
References | () https://git.kernel.org/stable/c/ddfcfeba891064b88bb844208b43bef2ef970f0c - Patch | |
References | () https://git.kernel.org/stable/c/e1e5e8ea2731150d5ba7c707f9e02fafebcfeb49 - Patch | |
References | () https://git.kernel.org/stable/c/f3498650df0805c75b4e1c94d07423c46cbf4ce1 - Patch | |
CPE | cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:* | |
CWE | CWE-416 |
13 Sep 2024, 14:06
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
13 Sep 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-13 06:15
Updated : 2024-09-13 16:51
NVD link : CVE-2024-46674
Mitre link : CVE-2024-46674
CVE.ORG link : CVE-2024-46674
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free