CVE-2024-36940 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:5102	2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:5101	2024-08-08T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068
https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca
https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79
https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c
https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d
https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e
https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd
https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/linux-cve-announce/2024053043-CVE-2024-36940-0c83@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-36940
https://www.cve.org/CVERecord?id=CVE-2024-36940

History

Thu, 08 Aug 2024 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-30T15:29:28.101Z

Updated: 2024-08-02T03:43:50.606Z

Reserved: 2024-05-30T15:25:07.072Z

Link: CVE-2024-36940

Vulnrichment

Updated: 2024-06-05T14:25:30.378Z

NVD

Status : Awaiting Analysis

Published: 2024-05-30T16:15:17.063

Modified: 2024-06-27T14:15:14.890

Link: CVE-2024-36940

Redhat

Severity : Low

Publid Date: 2024-05-30T00:00:00Z

Links: CVE-2024-36940 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object