CVE-2024-56766: mtd: rawnand: fix double free in atmel_pmecc_create_user()
First published: Mon Jan 06 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=4.19.325<4.20 | |
| Linux Kernel | >=5.4.287<5.5 | |
| Linux Kernel | >=5.10.231<5.11 | |
| Linux Kernel | >=5.15.174<5.16 | |
| Linux Kernel | >=6.1.120<6.1.123 | |
| Linux Kernel | >=6.6.64<6.6.69 | |
| Linux Kernel | >=6.11.11<6.12 | |
| Linux Kernel | >=6.12.2<6.12.8 | |
| Linux Kernel | =6.13-rc1 | |
| Linux Kernel | =6.13-rc2 | |
| Linux Kernel | =6.13-rc3 | |
| Linux Kernel | =6.13-rc4 | |
| debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/ca9818554b0f33e87f38e4bfa2dac056692d46cc
- https://git.kernel.org/stable/c/1562871ef613fa9492aa0310933eff785166a90e
- https://git.kernel.org/stable/c/3d825a241e65f7e3072978729e79d735ec40b80e
- https://git.kernel.org/stable/c/6ea15205d7e2b811fbbdf79783f686f58abfb4b7
- https://git.kernel.org/stable/c/dd45c87782738715d5e7c167f8dabf0814a7394a
- https://git.kernel.org/stable/c/d2f090ea57f8d6587e09d4066f740a8617767b3d
- https://git.kernel.org/stable/c/d8e4771f99c0400a1873235704b28bb803c83d17
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56766
- https://nvd.nist.gov/vuln/detail/CVE-2024-56766
- https://launchpad.net/bugs/cve/CVE-2024-56766
- https://security-tracker.debian.org/tracker/CVE-2024-56766
- https://ubuntu.com/security/CVE-2024-56766
- https://git.kernel.org/linus/d8e4771f99c0400a1873235704b28bb803c83d17
Frequently Asked Questions
What is the severity of CVE-2024-56766?
CVE-2024-56766 is considered a moderate severity vulnerability due to the potential for a double free condition in the Linux kernel.
How do I fix CVE-2024-56766?
To fix CVE-2024-56766, update your Linux kernel to a version that contains the patch addressing this vulnerability.
Which Linux kernel versions are affected by CVE-2024-56766?
CVE-2024-56766 affects Linux kernel versions between 4.19.325 and 4.20, as well as certain versions from 5.4.287 up to 5.16 and others.
What component of the Linux kernel is affected by CVE-2024-56766?
CVE-2024-56766 specifically affects the mtd (Memory Technology Device) subsystem in the Linux kernel.
Can CVE-2024-56766 be exploited remotely?
CVE-2024-56766 does not appear to be exploitable remotely, as it requires local access to trigger the vulnerability.
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.19.325
- version/linux kernel/5.4.287
- version/linux kernel/5.10.231
- version/linux kernel/5.15.174
- version/linux kernel/6.1.120
- version/linux kernel/6.6.64
- version/linux kernel/6.11.11
- version/linux kernel/6.12.2
- version/linux kernel/6.13-rc1
- version/linux kernel/6.13-rc2
- version/linux kernel/6.13-rc3
- version/linux kernel/6.13-rc4
- package-manager/debian