Double Free in Linux kernel - CVE-2024-36940
Published: June 3, 2024 / Updated: May 14, 2025
Vulnerability identifier: #VU90885
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-36940
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d
- https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd
- https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068
- https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca
- https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e
- https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c
- https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba
- https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.314
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.217
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.159
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.276
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.10