In the Linux kernel, the following vulnerability has been resolved:

pinctrl: core: delete incorrect free in pinctrl_enable()

The "pctldev" struct is allocated in devm_pinctrl_register_and_init().
It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(),
so freeing it in pinctrl_enable() will lead to a double free.

The devm_pinctrl_dev_release() function frees the pindescs and destroys
the mutex as well.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00021.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
  • Rhel Eus

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2024:5102 2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:5101 2024-08-08T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:9315 2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:9315 2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
kernel-0:5.14.0-427.76.1.el9_4 cpe:/a:redhat:rhel_eus:9.4 RHSA-2025:10701 2025-07-09T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-3840-1 linux security update
Debian DLA Debian DLA DLA-3843-1 linux-5.10 security update
Debian DSA Debian DSA DSA-5703-1 linux security update
Ubuntu USN Ubuntu USN USN-6949-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6949-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6950-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6950-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6950-3 Linux kernel (Oracle) vulnerabilities
Ubuntu USN Ubuntu USN USN-6950-4 Linux kernel (HWE) vulnerabilities
Ubuntu USN Ubuntu USN USN-6951-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6951-2 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-6951-3 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-6951-4 Linux kernel (BlueField) vulnerabilities
Ubuntu USN Ubuntu USN USN-6952-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6953-1 Linux kernel (Oracle) vulnerabilities
Ubuntu USN Ubuntu USN USN-6955-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-6956-1 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-6957-1 Linux kernel (Oracle) vulnerabilities
Ubuntu USN Ubuntu USN USN-6972-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-6972-2 Linux kernel (AWS) vulnerabilities
Ubuntu USN Ubuntu USN USN-6972-3 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-6972-4 Linux kernel (Oracle) vulnerabilities
Ubuntu USN Ubuntu USN USN-6979-1 Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN Ubuntu USN USN-7019-1 Linux kernel vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068 cve-icon cve-icon
https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca cve-icon cve-icon
https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79 cve-icon cve-icon
https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c cve-icon cve-icon
https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d cve-icon cve-icon
https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e cve-icon cve-icon
https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd cve-icon cve-icon
https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html cve-icon
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024053043-CVE-2024-36940-0c83@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-36940 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-36940 cve-icon
History

Thu, 10 Jul 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4
Vendors & Products Redhat rhel Eus

Fri, 10 Jan 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Debian
Debian debian Linux
Linux
Linux linux Kernel
CPEs cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:*
Vendors & Products Debian
Debian debian Linux
Linux
Linux linux Kernel
Metrics cvssV3_1

{'score': 2.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Wed, 13 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9

Tue, 05 Nov 2024 10:45:00 +0000

Type Values Removed Values Added
References

Thu, 08 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-05-04T09:12:30.088Z

Reserved: 2024-05-30T15:25:07.072Z

Link: CVE-2024-36940

cve-icon Vulnrichment

Updated: 2024-08-02T03:43:50.606Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-30T16:15:17.063

Modified: 2025-01-10T18:29:29.727

Link: CVE-2024-36940

cve-icon Redhat

Severity : Low

Publid Date: 2024-05-30T00:00:00Z

Links: CVE-2024-36940 - Bugzilla

cve-icon OpenCVE Enrichment

No data.