CVE-2024-53213

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation In lan78xx_probe(), the buffer `buf` was being freed twice: once implicitly through `usb_free_urb(dev->urb_intr)` with the `URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused a double free issue. To resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to simplify the initialization sequence and removed the redundant `kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring it is correctly managed by `usb_fill_int_urb()` and freed by `usb_free_urb()` as intended.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/03819abbeb11117dcbba40bfe322b88c0c88a6b6	Patch
https://git.kernel.org/stable/c/7ac9f3c981eeceee2ec4d30d850f4a6f50a1ec40	Patch
https://git.kernel.org/stable/c/977128343fc2a30737399b58df8ea77e94f164bd	Patch
https://git.kernel.org/stable/c/a422ebec863d99d5607fb41bb7af3347fcb436d3	Patch
https://git.kernel.org/stable/c/b09512aea6223eec756f52aa584fc29eeab57480	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

10 Jan 2025, 18:04

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/03819abbeb11117dcbba40bfe322b88c0c88a6b6 -~~	() https://git.kernel.org/stable/c/03819abbeb11117dcbba40bfe322b88c0c88a6b6 - Patch
References	~~() https://git.kernel.org/stable/c/7ac9f3c981eeceee2ec4d30d850f4a6f50a1ec40 -~~	() https://git.kernel.org/stable/c/7ac9f3c981eeceee2ec4d30d850f4a6f50a1ec40 - Patch
References	~~() https://git.kernel.org/stable/c/977128343fc2a30737399b58df8ea77e94f164bd -~~	() https://git.kernel.org/stable/c/977128343fc2a30737399b58df8ea77e94f164bd - Patch
References	~~() https://git.kernel.org/stable/c/a422ebec863d99d5607fb41bb7af3347fcb436d3 -~~	() https://git.kernel.org/stable/c/a422ebec863d99d5607fb41bb7af3347fcb436d3 - Patch
References	~~() https://git.kernel.org/stable/c/b09512aea6223eec756f52aa584fc29eeab57480 -~~	() https://git.kernel.org/stable/c/b09512aea6223eec756f52aa584fc29eeab57480 - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: usb: lan78xx: Se soluciona el problema de doble liberación con la asignación de búfer de interrupción En lan78xx_probe(), el búfer `buf` se liberaba dos veces: una vez implícitamente a través de `usb_free_urb(dev->urb_intr)` con el indicador `URB_FREE_BUFFER` y otra vez explícitamente por `kfree(buf)`. Esto causaba un problema de doble liberación. Para resolver esto, reordenamos las llamadas `kmalloc()` y `usb_alloc_urb()` para simplificar la secuencia de inicialización y eliminamos el `kfree(buf)` redundante. Ahora, `buf` se asigna después de `usb_alloc_urb()`, lo que garantiza que `usb_fill_int_urb()` lo administre correctamente y que `usb_free_urb()` lo libere como estaba previsto.
First Time		Linux Linux linux Kernel
CWE		CWE-415
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:o:linux:linux_kernel::::::::

27 Dec 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-27 14:15

Updated : 2025-01-10 18:04

NVD link : CVE-2024-53213

Mitre link : CVE-2024-53213

CVE.ORG link : CVE-2024-53213

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-415

Double Free

7.8 /10