CVE-2024-36959 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we call it directly.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://git.kernel.org/stable/c/026e24cf31733dbd97f41cc9bc5273ace428eeec
https://git.kernel.org/stable/c/06780473cb8a858d1d6cab2673e021b072a852d1
https://git.kernel.org/stable/c/35ab679e8bb5a81a4f922d3efbd43e32bce69274
https://git.kernel.org/stable/c/47d253c485491caaf70d8cd8c0248ae26e42581f
https://git.kernel.org/stable/c/518d5ddafeb084d6d9b1773ed85164300037d0e6
https://git.kernel.org/stable/c/76aa2440deb9a35507590f2c981a69a57ecd305d
https://git.kernel.org/stable/c/a0cedbcc8852d6c77b00634b81e41f17f29d9404
https://git.kernel.org/stable/c/c7e02ccc9fdc496fe51e440e3e66ac36509ca049
https://lore.kernel.org/linux-cve-announce/2024053041-CVE-2024-36959-ade5@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-36959
https://www.cve.org/CVERecord?id=CVE-2024-36959

History

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Tue, 05 Nov 2024 10:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-30T15:35:51.624Z

Updated: 2024-11-05T09:28:50.176Z

Reserved: 2024-05-30T15:25:07.080Z

Link: CVE-2024-36959

Vulnrichment

Updated: 2024-08-02T03:43:50.512Z

NVD

Status : Awaiting Analysis

Published: 2024-05-30T16:15:18.747

Modified: 2024-11-05T10:17:18.173

Link: CVE-2024-36959

Redhat

Severity : Low

Publid Date: 2024-05-30T00:00:00Z

Links: CVE-2024-36959 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object