CVE-2024-57980: media: uvcvideo: Fix double free in error path
First published: Thu Feb 27 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it. Reviewed by: Ricardo Ribalda <ribalda@chromium.org>
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=2.6.28<6.1.129 | |
| Linux Kernel | >=6.2<6.6.76 | |
| Linux Kernel | >=6.7<6.12.13 | |
| Linux Kernel | >=6.13<6.13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/6c36dcd662ec5276782838660f8533a7cb26be49
- https://git.kernel.org/stable/c/9232719ac9ce4d5c213cebda23d72aec3e1c4c0d
- https://git.kernel.org/stable/c/c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac
- https://git.kernel.org/stable/c/d1f8e69eec91d5a75ef079778a5d0151db2a7f22
- https://git.kernel.org/stable/c/d8e63dd7b6683969d3d47c7b8e9635f96d554ad4
- https://git.kernel.org/stable/c/d6e5ba2516c5bef87c1fcb8189b6f3cad7c64b2d
- https://git.kernel.org/stable/c/87522ef165e5b6de8ef98cc318f3335166a1512c
- https://git.kernel.org/stable/c/3ba8884a56a3eb97c22f0ce0e4dd410d4ca4c277
Frequently Asked Questions
What is the severity of CVE-2024-57980?
CVE-2024-57980 is classified as a medium severity vulnerability affecting the Linux kernel.
How do I fix CVE-2024-57980?
To fix CVE-2024-57980, update the Linux kernel to the latest stable version that addresses this vulnerability.
What versions of the Linux kernel are affected by CVE-2024-57980?
CVE-2024-57980 affects Linux kernel versions between 2.6.28 and 6.1.129, as well as versions between 6.2 and 6.6.76, 6.7 and 6.12.13, and 6.13 and 6.13.2.
What is the nature of the vulnerability in CVE-2024-57980?
CVE-2024-57980 is a double free vulnerability in the uvcvideo driver that occurs when memory is improperly managed during error handling.
Can CVE-2024-57980 lead to system compromise?
Yes, CVE-2024-57980 could potentially be exploited to cause system instability or denial of service.
- agent/type
- agent/title
- agent/description
- agent/author
- agent/source
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/event
- agent/weakness
- agent/references
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.28
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13