{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-38627", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.946Z", "datePublished": "2024-06-21T10:18:18.912Z", "dateUpdated": "2025-11-04T17:21:50.394Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:56:54.142Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstm class: Fix a double free in stm_register_device()\n\nThe put_device(&stm->dev) call will trigger stm_device_release() which\nfrees \"stm\" so the vfree(stm) on the next line is a double free."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hwtracing/stm/core.c"], "versions": [{"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "6cc30ef8eb6d8f8d6df43152264bbf8835d99931", "status": "affected", "versionType": "git"}, {"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "a0450d3f38e7c6c0a7c0afd4182976ee15573695", "status": "affected", "versionType": "git"}, {"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "713fc00c571dde4af3db2dbd5d1b0eadc327817b", "status": "affected", "versionType": "git"}, {"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "7419df1acffbcc90037f6b5a2823e81389659b36", "status": "affected", "versionType": "git"}, {"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "4bfd48bb6e62512b9c392c5002c11e1e3b18d247", "status": "affected", "versionType": "git"}, {"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "370c480410f60b90ba3e96abe73ead21ec827b20", "status": "affected", "versionType": "git"}, {"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "d782a2db8f7ac49c33b9ca3e835500a28667d1be", "status": "affected", "versionType": "git"}, {"version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "3df463865ba42b8f88a590326f4c9ea17a1ce459", "status": "affected", "versionType": "git"}, {"version": "b0351a51ffda593b2b1b35dd0c00a73505edb256", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hwtracing/stm/core.c"], "versions": [{"version": "4.7", "status": "affected"}, {"version": "0", "lessThan": "4.7", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.316", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.278", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.219", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.4", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7", "versionEndExcluding": "4.19.316"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7", "versionEndExcluding": "5.4.278"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7", "versionEndExcluding": "5.10.219"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7", "versionEndExcluding": "5.15.161"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7", "versionEndExcluding": "6.1.93"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7", "versionEndExcluding": "6.6.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7", "versionEndExcluding": "6.9.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7", "versionEndExcluding": "6.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.178"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931"}, {"url": "https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695"}, {"url": "https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b"}, {"url": "https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36"}, {"url": "https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247"}, {"url": "https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20"}, {"url": "https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be"}, {"url": "https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459"}], "title": "stm class: Fix a double free in stm_register_device()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-21T13:23:15.087129Z", "id": "CVE-2024-38627", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T13:23:21.516Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:21:50.394Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:21:50.394Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38627", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-21T13:23:15.087129Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T13:23:18.882Z"}}], "cna": {"title": "stm class: Fix a double free in stm_register_device()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "6cc30ef8eb6d8f8d6df43152264bbf8835d99931", "versionType": "git"}, {"status": "affected", "version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "a0450d3f38e7c6c0a7c0afd4182976ee15573695", "versionType": "git"}, {"status": "affected", "version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "713fc00c571dde4af3db2dbd5d1b0eadc327817b", "versionType": "git"}, {"status": "affected", "version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "7419df1acffbcc90037f6b5a2823e81389659b36", "versionType": "git"}, {"status": "affected", "version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "4bfd48bb6e62512b9c392c5002c11e1e3b18d247", "versionType": "git"}, {"status": "affected", "version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "370c480410f60b90ba3e96abe73ead21ec827b20", "versionType": "git"}, {"status": "affected", "version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "d782a2db8f7ac49c33b9ca3e835500a28667d1be", "versionType": "git"}, {"status": "affected", "version": "389b6699a2aa0b457aa69986e9ddf39f3b4030fd", "lessThan": "3df463865ba42b8f88a590326f4c9ea17a1ce459", "versionType": "git"}, {"status": "affected", "version": "b0351a51ffda593b2b1b35dd0c00a73505edb256", "versionType": "git"}], "programFiles": ["drivers/hwtracing/stm/core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.7"}, {"status": "unaffected", "version": "0", "lessThan": "4.7", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.316", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.278", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.219", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.161", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.93", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.4", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/hwtracing/stm/core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931"}, {"url": "https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695"}, {"url": "https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b"}, {"url": "https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36"}, {"url": "https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247"}, {"url": "https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20"}, {"url": "https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be"}, {"url": "https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstm class: Fix a double free in stm_register_device()\n\nThe put_device(&stm->dev) call will trigger stm_device_release() which\nfrees \"stm\" so the vfree(stm) on the next line is a double free."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.316", "versionStartIncluding": "4.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.278", "versionStartIncluding": "4.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.219", "versionStartIncluding": "4.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.161", "versionStartIncluding": "4.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.93", "versionStartIncluding": "4.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.33", "versionStartIncluding": "4.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.4", "versionStartIncluding": "4.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "4.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.4.178"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:56:54.142Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38627", "state": "PUBLISHED", "dateUpdated": "2025-11-04T17:21:50.394Z", "dateReserved": "2024-06-18T19:36:34.946Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-21T10:18:18.912Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "594BEF43-C2C9-4680-A8DA-DAE0487DAEB5", "versionEndExcluding": "4.19.316", "versionStartIncluding": "4.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FDBF235-DA18-49A1-8690-6C7272FD0701", "versionEndExcluding": "5.4.278", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9", "versionEndExcluding": "5.10.219", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2", "versionEndExcluding": "5.15.161", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667", "versionEndExcluding": "6.1.93", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E", "versionEndExcluding": "6.6.33", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627", "versionEndExcluding": "6.9.4", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstm class: Fix a double free in stm_register_device()\n\nThe put_device(&stm->dev) call will trigger stm_device_release() which\nfrees \"stm\" so the vfree(stm) on the next line is a double free."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clase stm: corrige un doble free en stm_register_device() La llamada put_device(&stm->dev) activar\u00e1 stm_device_release() que libera \"stm\" para que vfree(stm) en el La siguiente l\u00ednea es un doble libre."}], "id": "CVE-2024-38627", "lastModified": "2025-11-04T18:16:29.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-21T11:15:11.583", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:5364", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.79.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5365", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.79.1.rt14.364.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:11313", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.49.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-12-18T00:00:00Z"}], "bugzilla": {"description": "kernel: stm class: Fix a double free in stm_register_device()", "id": "2293700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293700"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-415", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nstm class: Fix a double free in stm_register_device()\nThe put_device(&stm->dev) call will trigger stm_device_release() which\nfrees \"stm\" so the vfree(stm) on the next line is a double free.", "A vulnerability was found in the Linux kernel's stm class, where an improper memory management sequence in stm_register_device() could lead to a double-free error. This issue occurs when the put_device(&stm->dev) call triggers stm_device_release() to free \"stm\", making the subsequent vfree(stm) call redundant and potentially harmful."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the `stm` kernel module from being loaded. See https://access.redhat.com/solutions/41278 for information about how to prevent kernel modules from being loaded automatically."}, "name": "CVE-2024-38627", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38627\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38627\nhttps://lore.kernel.org/linux-cve-announce/2024062140-CVE-2024-38627-9b57@gregkh/T"], "statement": "Red Hat assesses the impact of this vulnerability as Low because this flaw can be mitigated by blocklisting a kernel module that is not typically used in production systems, and an attacker would need elevated privileges to have complete control over the consequences of the memory corruption caused by this issue.", "threat_severity": "Low"}

{}