CVE-2024-42147
Severity CVSS v4.0:
Pending analysis
Type:
CWE-415
Double Free
Publication date:
30/07/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: hisilicon/debugfs - Fix debugfs uninit process issue

During the zip probe process, the debugfs failure does not stop
the probe. When debugfs initialization fails, jumping to the
error branch will also release regs, in addition to its own
rollback operation.

As a result, it may be released repeatedly during the regs
uninit process. Therefore, the null check needs to be added to
the regs uninit process.
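A simplified user-space model of the flow described above, added here as an illustration and not taken from the kernel patch. The names `model_dev`, `model_release`, `regs_uninit_unchecked`, `regs_uninit_checked` and `probe_then_remove` are hypothetical, and clearing the pointer after release is an assumption that lets the null check take effect.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Simplified user-space model; every name here is hypothetical, not the driver's. */
struct model_dev {
    int *regs;        /* register dump buffer set up for debugfs */
    bool regs_live;   /* allocator-side truth: is the buffer still allocated? */
    int double_frees; /* releases of an already-released buffer */
};

/* Release the buffer, recording (instead of performing) a second free. */
static void model_release(struct model_dev *d)
{
    if (d->regs_live)
        free(d->regs);
    else
        d->double_frees++;
    d->regs_live = false;
}

/* "Before": uninit releases regs unconditionally and leaves the pointer stale. */
static void regs_uninit_unchecked(struct model_dev *d)
{
    model_release(d);
}

/* "After": uninit returns early when regs is NULL and clears it once released. */
static void regs_uninit_checked(struct model_dev *d)
{
    if (!d->regs)
        return;
    model_release(d);
    d->regs = NULL;
}

/* debugfs init fails, the probe carries on, and a later uninit runs again. */
static int probe_then_remove(void (*regs_uninit)(struct model_dev *))
{
    struct model_dev d = { .regs = calloc(16, sizeof(int)) };
    if (!d.regs)
        return -1;
    d.regs_live = true;
    regs_uninit(&d);   /* error branch: debugfs rollback releases regs */
    regs_uninit(&d);   /* later uninit path reaches regs a second time */
    return d.double_frees;
}

int main(void)
{
    return probe_then_remove(regs_uninit_unchecked) != 1 || probe_then_remove(regs_uninit_checked) != 0;
}
```

`probe_then_remove` returns the number of repeated releases it observed, so the unchecked path reports one and the checked path reports none.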
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 6.1.98 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.39 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.9 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e
- https://git.kernel.org/stable/c/8be0913389718e8d27c4f1d4537b5e1b99ed7739
- https://git.kernel.org/stable/c/e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3
- https://git.kernel.org/stable/c/eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html



