CVE-2024-38627: stm class: Fix a double free in stm_register_device()
In the Linux kernel, the following vulnerability has been resolved:
stm class: Fix a double free in stm_register_device()
The Linux kernel CVE team has assigned CVE-2024-38627 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024062140-CVE-2024-38627-9b57@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
stm class: Fix a double free in stm_register_device()
The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free.
— NVD
Linux Kernel is vulnerable to a denial of service, caused by a double-free in stm_register_device(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
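To make the mechanism in the quoted descriptions concrete, here is an added example (not the kernel's or the stm driver's own code) that models put_device() and its release callback with an allocator that only counts frees; the mock_ names, the single-reference setup and the corrected path that simply omits the extra vfree() are assumptions of this model, not text from the upstream patch.

```c
/* Constructed model of the kernel device refcount/release pattern that the
 * advisory describes; not the stm driver's own code. mock_vfree() only
 * counts calls, so a double free is detected instead of corrupting memory. */
struct mock_device {
    int refcount;
    void (*release)(struct mock_device *dev);
};

struct mock_stm {               /* stands in for struct stm_device */
    struct mock_device dev;     /* first member, so &stm->dev == stm */
};

static int free_calls;          /* how many times "stm" has been freed */
static struct mock_stm storage; /* static backing store: never really freed */
static void mock_vfree(void *p) { (void)p; free_calls++; }

/* Release callback: frees the container, as stm_device_release() does. */
static void mock_stm_release(struct mock_device *dev) { mock_vfree(dev); }

/* put_device(): dropping the last reference runs the release callback. */
static void mock_put_device(struct mock_device *dev)
{
    if (--dev->refcount == 0)
        dev->release(dev);
}

static struct mock_stm *alloc_stm(void)
{
    storage.dev.refcount = 1;   /* assumption: one reference held */
    storage.dev.release = mock_stm_release;
    free_calls = 0;
    return &storage;
}

/* Error path as the advisory describes it: put_device() already frees stm
 * through the release callback, then vfree(stm) frees it a second time. */
int vulnerable_error_path(void)
{
    struct mock_stm *stm = alloc_stm();
    mock_put_device(&stm->dev); /* refcount 1 -> 0: release frees stm */
    mock_vfree(stm);            /* second free of the same object */
    return free_calls;          /* 2: double free */
}

/* Corrected error path: the release callback performs the only free. */
int fixed_error_path(void)
{
    struct mock_stm *stm = alloc_stm();
    mock_put_device(&stm->dev);
    return free_calls;          /* 1 */
}
```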
Frequently Asked Questions
What is the severity of CVE-2024-38627?
CVE-2024-38627 is classified as a medium severity vulnerability in the Linux kernel due to the potential for double free issues.
How do I fix CVE-2024-38627?
To mitigate CVE-2024-38627, ensure that your Linux kernel version is updated to one of the fixed versions, such as 4.19.317 or later.
Which Linux kernel versions are affected by CVE-2024-38627?
CVE-2024-38627 affects multiple Linux kernel versions, including those earlier than 4.19.317, 5.4.279 and 5.10.220, as well as specific patched versions from Red Hat.
What does CVE-2024-38627 impact?
CVE-2024-38627 impacts the Linux kernel's stm class, introducing a double free that can be triggered during device registration.
Is CVE-2024-38627 exploitable remotely?
CVE-2024-38627 is considered to be locally exploitable, meaning an attacker would need local access to the system to exploit this vulnerability.