Double Free Vulnerability in Linux Kernel's Atmel PMECC Functionality
CVE-2024-56766
7.8 HIGH
Summary
A vulnerability has been identified in the Linux kernel's Atmel PMECC code. The allocation of the user pointer was converted from kzalloc() to devm_kzalloc(), which ties the memory to the device so that it is released automatically by the managed cleanup. A remaining kfree(user) call therefore leads to a potential double free. This flaw can contribute to system instability and may pose security risks if exploited. Users and system administrators should update their kernel versions to mitigate this vulnerability.
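The ownership mistake described in the summary, as an added userland C model (not code from the kernel or from the Atmel PMECC driver). All model_* names and teardown_double_frees() are hypothetical, and the model counts a second free of the same pointer instead of performing it.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userland model, not kernel code; every name below is hypothetical. */
#define MAX_RES 4
struct model_dev {
    void *res[MAX_RES];    /* allocations owned by the device */
    int released[MAX_RES]; /* set once a slot has been freed */
    int n, double_frees;   /* slots used; second frees caught by the model */
};

/* Free a slot once; a second attempt is counted instead of executed. */
static void release_slot(struct model_dev *d, int i) {
    if (d->released[i]) { d->double_frees++; return; }
    free(d->res[i]);
    d->released[i] = 1;
}

/* Stand-in for devm_kzalloc(): the device records ownership. */
static void *model_devm_kzalloc(struct model_dev *d, size_t size) {
    void *p = d->n < MAX_RES ? calloc(1, size) : NULL;
    if (p) { d->res[d->n] = p; d->released[d->n++] = 0; }
    return p;
}

/* Stand-in for kfree(): frees the pointer without regard to ownership. */
static void model_kfree(struct model_dev *d, void *p) {
    for (int i = 0; i < d->n; i++)
        if (!d->released[i] && d->res[i] == p) { release_slot(d, i); return; }
}

/* Stand-in for device detach: managed cleanup frees everything owned. */
static void model_detach(struct model_dev *d) {
    for (int i = 0; i < d->n; i++) release_slot(d, i);
}

/* Double frees caused by one allocate/teardown cycle (-1 on alloc failure). */
int teardown_double_frees(int driver_calls_kfree) {
    struct model_dev dev = {0};
    void *user = model_devm_kzalloc(&dev, 64);
    if (!user) return -1;
    if (driver_calls_kfree) model_kfree(&dev, user); /* leftover kfree(user) */
    model_detach(&dev); /* managed cleanup reaches user again */
    return dev.double_frees;
}

int main(void) {
    printf("kfree(user) kept: %d\n", teardown_double_frees(1));
    printf("kfree(user) dropped: %d\n", teardown_double_frees(0));
    return 0;
}
```

When auditing a kzalloc() to devm_kzalloc() conversion, every kfree() of the converted pointer, including those on error paths, has to be removed or the allocation left unmanaged.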
Affected Version(s)
Linux 22fbbc37edb840fd420fadf670366be9bf028426
Linux 54cb5fa850f9306d84e49a3db44b7a7eb5536cd1 < 1562871ef613fa9492aa0310933eff785166a90e
Linux 5fe7709251e334cc27618473299c48340cecd3c8 < 3d825a241e65f7e3072978729e79d735ec40b80e
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published