{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53213", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:25.023Z", "datePublished": "2024-12-27T13:49:58.709Z", "dateUpdated": "2024-12-27T13:49:58.709Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-27T13:49:58.709Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Fix double free issue with interrupt buffer allocation\n\nIn lan78xx_probe(), the buffer `buf` was being freed twice: once\nimplicitly through `usb_free_urb(dev->urb_intr)` with the\n`URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused\na double free issue.\n\nTo resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to\nsimplify the initialization sequence and removed the redundant\n`kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring\nit is correctly managed by `usb_fill_int_urb()` and freed by\n`usb_free_urb()` as intended."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/lan78xx.c"], "versions": [{"version": "a6df95cae40bee555e01a37b4023ce8e97ffa249", "lessThan": "977128343fc2a30737399b58df8ea77e94f164bd", "status": "affected", "versionType": "git"}, {"version": "a6df95cae40bee555e01a37b4023ce8e97ffa249", "lessThan": "a422ebec863d99d5607fb41bb7af3347fcb436d3", "status": "affected", "versionType": "git"}, {"version": "a6df95cae40bee555e01a37b4023ce8e97ffa249", "lessThan": "b09512aea6223eec756f52aa584fc29eeab57480", "status": "affected", "versionType": "git"}, {"version": "a6df95cae40bee555e01a37b4023ce8e97ffa249", "lessThan": "7ac9f3c981eeceee2ec4d30d850f4a6f50a1ec40", "status": "affected", "versionType": "git"}, {"version": "a6df95cae40bee555e01a37b4023ce8e97ffa249", "lessThan": "03819abbeb11117dcbba40bfe322b88c0c88a6b6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/lan78xx.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.120", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.64", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.11", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.2", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/977128343fc2a30737399b58df8ea77e94f164bd"}, {"url": "https://git.kernel.org/stable/c/a422ebec863d99d5607fb41bb7af3347fcb436d3"}, {"url": "https://git.kernel.org/stable/c/b09512aea6223eec756f52aa584fc29eeab57480"}, {"url": "https://git.kernel.org/stable/c/7ac9f3c981eeceee2ec4d30d850f4a6f50a1ec40"}, {"url": "https://git.kernel.org/stable/c/03819abbeb11117dcbba40bfe322b88c0c88a6b6"}], "title": "net: usb: lan78xx: Fix double free issue with interrupt buffer allocation", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFA9B856-F80A-4A22-BC26-5EB65D554687", "versionEndExcluding": "6.1.120", "versionStartIncluding": "5.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7", "versionEndExcluding": "6.6.64", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893", "versionEndExcluding": "6.11.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Fix double free issue with interrupt buffer allocation\n\nIn lan78xx_probe(), the buffer `buf` was being freed twice: once\nimplicitly through `usb_free_urb(dev->urb_intr)` with the\n`URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused\na double free issue.\n\nTo resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to\nsimplify the initialization sequence and removed the redundant\n`kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring\nit is correctly managed by `usb_fill_int_urb()` and freed by\n`usb_free_urb()` as intended."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: usb: lan78xx: Se soluciona el problema de doble liberaci\u00f3n con la asignaci\u00f3n de b\u00fafer de interrupci\u00f3n En lan78xx_probe(), el b\u00fafer `buf` se liberaba dos veces: una vez impl\u00edcitamente a trav\u00e9s de `usb_free_urb(dev->urb_intr)` con el indicador `URB_FREE_BUFFER` y otra vez expl\u00edcitamente por `kfree(buf)`. Esto causaba un problema de doble liberaci\u00f3n. Para resolver esto, reordenamos las llamadas `kmalloc()` y `usb_alloc_urb()` para simplificar la secuencia de inicializaci\u00f3n y eliminamos el `kfree(buf)` redundante. Ahora, `buf` se asigna despu\u00e9s de `usb_alloc_urb()`, lo que garantiza que `usb_fill_int_urb()` lo administre correctamente y que `usb_free_urb()` lo libere como estaba previsto."}], "id": "CVE-2024-53213", "lastModified": "2025-01-10T18:04:48.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-27T14:15:29.237", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/03819abbeb11117dcbba40bfe322b88c0c88a6b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7ac9f3c981eeceee2ec4d30d850f4a6f50a1ec40"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/977128343fc2a30737399b58df8ea77e94f164bd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a422ebec863d99d5607fb41bb7af3347fcb436d3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b09512aea6223eec756f52aa584fc29eeab57480"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation", "id": "2334388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334388"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: usb: lan78xx: Fix double free issue with interrupt buffer allocation\nIn lan78xx_probe(), the buffer `buf` was being freed twice: once\nimplicitly through `usb_free_urb(dev->urb_intr)` with the\n`URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused\na double free issue.\nTo resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to\nsimplify the initialization sequence and removed the redundant\n`kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring\nit is correctly managed by `usb_fill_int_urb()` and freed by\n`usb_free_urb()` as intended.", "A double free vulnerability was found in the Linux kernel. In lan78xx_probe(), the `buf` buffer is freed twice: once implicitly through `usb_free_urb(dev->urb_intr)` with the `URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`, resulting in loss of availability of the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-53213", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53213\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53213\nhttps://lore.kernel.org/linux-cve-announce/2024122730-CVE-2024-53213-baa6@gregkh/T"], "threat_severity": "Moderate"}