Vulnerability Details : CVE-2024-36959
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
If we fail to allocate propname buffer, we need to drop the reference
count we just took. Because the pinctrl_dt_free_maps() includes the
droping operation, here we call it directly.
Products affected by CVE-2024-36959
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-36959
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-36959
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | 2025-01-14 |
References for CVE-2024-36959
-
https://git.kernel.org/stable/c/026e24cf31733dbd97f41cc9bc5273ace428eeec
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/35ab679e8bb5a81a4f922d3efbd43e32bce69274
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
[SECURITY] [DLA 3840-1] linux security updateMailing List
-
https://git.kernel.org/stable/c/a0cedbcc8852d6c77b00634b81e41f17f29d9404
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/c7e02ccc9fdc496fe51e440e3e66ac36509ca049
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/518d5ddafeb084d6d9b1773ed85164300037d0e6
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/76aa2440deb9a35507590f2c981a69a57ecd305d
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
[SECURITY] [DLA 3843-1] linux-5.10 security updateMailing List
-
https://git.kernel.org/stable/c/47d253c485491caaf70d8cd8c0248ae26e42581f
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/06780473cb8a858d1d6cab2673e021b072a852d1
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() - kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to