In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2024:5102 2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:5101 2024-08-08T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:9315 2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:9315 2024-11-12T00:00:00Z
References
Link Providers
https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068 cve-icon cve-icon
https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca cve-icon cve-icon
https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79 cve-icon cve-icon
https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c cve-icon cve-icon
https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d cve-icon cve-icon
https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e cve-icon cve-icon
https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd cve-icon cve-icon
https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html cve-icon
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024053043-CVE-2024-36940-0c83@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-36940 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-36940 cve-icon
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Wed, 13 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9

Tue, 05 Nov 2024 10:45:00 +0000

Type Values Removed Values Added
References

Thu, 08 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-30T15:29:28.101Z

Updated: 2024-11-05T09:28:28.487Z

Reserved: 2024-05-30T15:25:07.072Z

Link: CVE-2024-36940

cve-icon Vulnrichment

Updated: 2024-06-05T14:25:30.378Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-30T16:15:17.063

Modified: 2024-11-21T09:22:52.020

Link: CVE-2024-36940

cve-icon Redhat

Severity : Low

Publid Date: 2024-05-30T00:00:00Z

Links: CVE-2024-36940 - Bugzilla