CVE-2024-35847: irqchip/gic-v3-its: Prevent double free on error
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3-its: Prevent double free on error
The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully allocating at least one interrupt. This happens because its_vpe_irq_domain_free() frees the interrupts along with the area bitmap and the vprop_page and its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the vprop_page again.
Fix this by unconditionally invoking its_vpe_irq_domain_free() which handles all cases correctly and by removing the bitmap/vprop_page freeing from its_vpe_irq_domain_alloc().
[ tglx: Massaged change log ]
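The error path described above, as an added userspace model in C (not the kernel's code and not part of the original advisory). The function names in the comments mirror the advisory; the struct, the release counter and the `fixed` switch are assumptions made for illustration, and releases are counted rather than performed twice.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of the error path, not kernel code (assumption). */
struct vm { unsigned long *bitmap; void *vprop_page; int live; int releases; };

/* Release bitmap and vprop_page; only the first call really frees. */
static void release_shared(struct vm *vm)
{
    if (vm->releases++ == 0) {
        free(vm->bitmap);
        free(vm->vprop_page);
    }
}

/* Models its_vpe_irq_domain_free(): shared state goes with the last irq. */
static void domain_free(struct vm *vm, int nr)
{
    vm->live -= nr;
    if (vm->live == 0)
        release_shared(vm);
}

/* Models its_vpe_irq_domain_alloc(); init of interrupt fail_at fails
 * (-1: never). Returns how often the shared state was released. */
int releases_after_alloc(int nr, int fail_at, int fixed)
{
    struct vm vm = { calloc(nr, sizeof(unsigned long)), malloc(4096), 0, 0 };
    int i;

    for (i = 0; i < nr && i != fail_at; i++)
        vm.live++;                /* its_vpe_init() succeeded */

    if (i == nr) {
        domain_free(&vm, nr);     /* normal teardown after success */
    } else if (fixed) {
        domain_free(&vm, i);      /* unconditional, also covers i == 0 */
    } else {
        if (i > 0)
            domain_free(&vm, i);  /* releases the shared state ... */
        release_shared(&vm);      /* ... and the alloc path does it again */
    }
    return vm.releases;
}

int main(void)
{
    printf("%d %d\n", releases_after_alloc(4, 2, 0), releases_after_alloc(4, 2, 1));
    return 0;
}
```

A return value of 2 marks the double release; it appears only in the pre-fix path when the failure comes after at least one successful init.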
Other sources
The Linux kernel CVE team has assigned CVE-2024-35847 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35847-7e4b@gregkh/T
— Red Hat
Frequently Asked Questions
What is the severity of CVE-2024-35847?
CVE-2024-35847 is classified as a high-severity vulnerability due to its potential to cause a double free in the Linux kernel.
How do I fix CVE-2024-35847?
To resolve CVE-2024-35847, upgrade the Linux kernel to one of the following versions or newer: 4.19.313, 5.4.275, 5.10.216, 5.15.158, 6.1.90, 6.6.30, 6.8.9 or 6.9.
Which Linux distributions are affected by CVE-2024-35847?
CVE-2024-35847 impacts several distributions including Red Hat and Debian in specified versions of the Linux kernel.
What are the potential consequences of CVE-2024-35847?
If exploited, CVE-2024-35847 may lead to system instability or crashes due to improper memory handling.
How was CVE-2024-35847 discovered?
CVE-2024-35847 was identified through analysis of the error handling path within the irqchip/gic-v3-its driver in the Linux kernel.