CVE-2024-57904 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: at91: call input_free_device() on allocated iio_dev

Current implementation of at91_ts_register() calls input_free_deivce()
on st->ts_input, however, the err label can be reached before the
allocated iio_dev is stored to st->ts_input. Thus call
input_free_device() on input instead of st->ts_input.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00034.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc6::::::

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

Advisories

Source	ID	Title
Debian DLA	DLA-4075-1	linux security update
Debian DLA	DLA-4076-1	linux-6.1 security update
EUVD	EUVD-2024-53807	In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input.
Ubuntu USN	USN-7379-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7379-2	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7380-1	Linux kernel (Low Latency) vulnerabilities
Ubuntu USN	USN-7381-1	Linux kernel (Low Latency) vulnerabilities
Ubuntu USN	USN-7382-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-7387-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7387-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7387-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7388-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7389-1	Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN	USN-7390-1	Linux kernel (Xilinx ZynqMP) vulnerabilities
Ubuntu USN	USN-7391-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7392-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7392-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7392-3	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7392-4	Linux kernel (AWS FIPS) vulnerabilities
Ubuntu USN	USN-7393-1	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7401-1	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7407-1	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7413-1	Linux kernel (IoT) vulnerabilities
Ubuntu USN	USN-7421-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7458-1	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-7459-1	Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN	USN-7459-2	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-7463-1	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-7513-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7513-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7513-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7513-4	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7513-5	Linux kernel (Oracle) vulnerabilities
Ubuntu USN	USN-7514-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-7515-1	Linux kernel (GKE) vulnerabilities
Ubuntu USN	USN-7515-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7522-1	Linux kernel (Azure, N-Series) vulnerabilities
Ubuntu USN	USN-7523-1	Linux kernel (Raspberry Pi Real-time) vulnerabilities
Ubuntu USN	USN-7524-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7539-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7540-1	Linux kernel (Raspberry Pi) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/028a1ba8e3bae593d701aee4f690ce7c195b67d6
https://git.kernel.org/stable/c/09e067e3c83e0695d338e8a26916e3c2bc44be02
https://git.kernel.org/stable/c/25ef52f1c15db67d890b80203a911b9a57b0bf71
https://git.kernel.org/stable/c/ac8d932e3214c10ec641ad45a253929a596ead62
https://git.kernel.org/stable/c/b549c90bfe66f704878aa1e57b30ba15dab71935
https://git.kernel.org/stable/c/d115b7f3ddc03b38bb7e8754601556fe9b4fc034
https://git.kernel.org/stable/c/de6a73bad1743e9e81ea5a24c178c67429ff510b
https://lore.kernel.org/linux-cve-announce/2025011934-CVE-2024-57904-dac5@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-57904
https://www.cve.org/CVERecord?id=CVE-2024-57904

History

Thu, 16 Oct 2025 20:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc6::::::
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Sun, 02 Feb 2025 10:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/ac8d932e3214c10ec641ad45a253929a596ead62 https://git.kernel.org/stable/c/b549c90bfe66f704878aa1e57b30ba15dab71935

Thu, 23 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/028a1ba8e3bae593d701aee4f690ce7c195b67d6

Mon, 20 Jan 2025 14:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025011934-CVE-2024-57904-dac5@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-57904 https://www.cve.org/CVERecord?id=CVE-2024-57904
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Sun, 19 Jan 2025 12:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input.
Title		iio: adc: at91: call input_free_device() on allocated iio_dev
References		https://git.kernel.org/stable/c/09e067e3c83e0695d338e8a26916e3c2bc44be02 https://git.kernel.org/stable/c/25ef52f1c15db67d890b80203a911b9a57b0bf71 https://git.kernel.org/stable/c/d115b7f3ddc03b38bb7e8754601556fe9b4fc034 https://git.kernel.org/stable/c/de6a73bad1743e9e81ea5a24c178c67429ff510b

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-01-19T11:52:28.982Z

Updated: 2025-05-04T10:06:18.688Z

Reserved: 2025-01-19T11:50:08.372Z

Link: CVE-2024-57904

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2025-01-19T12:15:23.970

Modified: 2025-10-16T19:53:36.000

Link: CVE-2024-57904

Redhat

Severity : Low

Publid Date: 2025-01-19T00:00:00Z

Links: CVE-2024-57904 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-13T11:22:26Z

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object