CVE-2024-50159

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 7, 2024
Updated: Nov 13, 2024
CWE ID 415

Summary

CVE-2024-50159 is a vulnerability affecting the Linux kernel. The issue lies in the arm_scmi driver, specifically in the function scmi_debugfs_common_setup(). This function is prone to a double free because memory allocation and deallocation are handled incorrectly when devm_add_action_or_reset() fails. Consequently, 'dbg->name' is freed twice, leading to a memory issue. The vulnerability has been addressed by removing the redundant scmi_debugfs_common_cleanup() function.
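The error path described above, as an added userspace model (not the kernel's code and not taken from the fix): every `model_` name is hypothetical, and the model counts free attempts instead of performing the second free. It relies on the documented behavior of devm_add_action_or_reset(), which runs the registered action itself when registration fails.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model of the bug class; model_* names are hypothetical. */
struct model_dbg {
    char *name;
    int   frees;   /* how many times cleanup tried to free name */
};

/* Stands in for the cleanup action that releases dbg->name. */
static void model_cleanup(void *data)
{
    struct model_dbg *dbg = data;
    /* The kernel would kfree() on every call; here we count attempts and
     * free only once so the demonstration itself stays memory-safe. */
    if (dbg->frees++ == 0)
        free(dbg->name);
}

/* Models devm_add_action_or_reset(): on failure it invokes the action
 * before returning the error, so the caller must not clean up again. */
static int model_add_action_or_reset(void (*action)(void *), void *data, int fail)
{
    if (fail) {
        action(data);
        return -12; /* -ENOMEM */
    }
    return 0;
}

/* Returns how many times name was released on the failure path. */
static int setup_frees(int cleanup_on_error)
{
    struct model_dbg dbg = { .name = malloc(32), .frees = 0 };
    if (!dbg.name)
        return -1;
    strcpy(dbg.name, "constructed-name"); /* constructed sample value */
    if (model_add_action_or_reset(model_cleanup, &dbg, 1)) {
        if (cleanup_on_error)          /* pre-fix pattern: redundant call */
            model_cleanup(&dbg);
    }
    return dbg.frees;
}

int main(void)
{
    /* 2 attempts with the redundant call, 1 without it. */
    return (setup_frees(1) == 2 && setup_frees(0) == 1) ? 0 : 1;
}
```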
