CVE-2024-38627 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:5102	2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:5101	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.79.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:5364	2024-08-14T00:00:00Z
kernel-rt-0:5.14.0-284.79.1.rt14.364.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:5365	2024-08-14T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20
https://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459
https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247
https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931
https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b
https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36
https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695
https://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be
https://lore.kernel.org/linux-cve-announce/2024062140-CVE-2024-38627-9b57@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-38627
https://www.cve.org/CVERecord?id=CVE-2024-38627

History

Mon, 09 Sep 2024 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 16 Aug 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.2::nfv
Vendors & Products		Redhat rhel Eus

Thu, 08 Aug 2024 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-21T10:18:18.912Z

Updated: 2024-08-02T04:12:26.080Z

Reserved: 2024-06-18T19:36:34.946Z

Link: CVE-2024-38627

Vulnrichment

Updated: 2024-06-21T13:23:18.882Z

NVD

Status : Analyzed

Published: 2024-06-21T11:15:11.583

Modified: 2024-09-09T13:39:48.990

Link: CVE-2024-38627

Redhat

Severity : Low

Publid Date: 2024-06-21T00:00:00Z

Links: CVE-2024-38627 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object