We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-53213

net: usb: lan78xx: Fix double free issue with interrupt buffer allocation



Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation In lan78xx_probe(), the buffer `buf` was being freed twice: once implicitly through `usb_free_urb(dev->urb_intr)` with the `URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused a double free issue. To resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to simplify the initialization sequence and removed the redundant `kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring it is correctly managed by `usb_fill_int_urb()` and freed by `usb_free_urb()` as intended.

Reserved 2024-11-19 | Published 2024-12-27 | Updated 2025-01-20 | Assigner Linux

Product status

Default status
unaffected

a6df95cae40bee555e01a37b4023ce8e97ffa249 before 977128343fc2a30737399b58df8ea77e94f164bd
affected

a6df95cae40bee555e01a37b4023ce8e97ffa249 before a422ebec863d99d5607fb41bb7af3347fcb436d3
affected

a6df95cae40bee555e01a37b4023ce8e97ffa249 before b09512aea6223eec756f52aa584fc29eeab57480
affected

a6df95cae40bee555e01a37b4023ce8e97ffa249 before 7ac9f3c981eeceee2ec4d30d850f4a6f50a1ec40
affected

a6df95cae40bee555e01a37b4023ce8e97ffa249 before 03819abbeb11117dcbba40bfe322b88c0c88a6b6
affected

Default status
affected

5.17
affected

Any version before 5.17
unaffected

6.1.120
unaffected

6.6.64
unaffected

6.11.11
unaffected

6.12.2
unaffected

6.13
unaffected

References

git.kernel.org/...c/977128343fc2a30737399b58df8ea77e94f164bd

git.kernel.org/...c/a422ebec863d99d5607fb41bb7af3347fcb436d3

git.kernel.org/...c/b09512aea6223eec756f52aa584fc29eeab57480

git.kernel.org/...c/7ac9f3c981eeceee2ec4d30d850f4a6f50a1ec40

git.kernel.org/...c/03819abbeb11117dcbba40bfe322b88c0c88a6b6

cve.org (CVE-2024-53213)

nvd.nist.gov (CVE-2024-53213)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-53213

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.