CVE-2024-57887
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
15/01/2025
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm: adv7511: Fix use-after-free in adv7533_attach_dsi()<br />
<br />
The host_node pointer was assigned and freed in adv7533_parse_dt(), and<br />
later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue<br />
by dropping of_node_put() in adv7533_parse_dt() and calling of_node_put()<br />
in error path of probe() and also in the remove().
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.8 (including) | 6.1.125 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.70 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.9 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1f49aaf55652580ae63ab83d67211fe6a55d83dc
- https://git.kernel.org/stable/c/81adbd3ff21c1182e06aa02c6be0bfd9ea02d8e8
- https://git.kernel.org/stable/c/acec80d9f126cd3fa764bbe3d96bc0cb5cd2b087
- https://git.kernel.org/stable/c/ca9d077350fa21897de8bf64cba23b198740aab5
- https://git.kernel.org/stable/c/d208571943ffddc438a7ce533d5d0b9219806242
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html