CVE-2024-53076

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published: Nov 19, 2024
Updated: Nov 22, 2024
CWE ID 401 (Missing Release of Memory after Effective Lifetime)

Summary

CVE-2024-53076 is a newly disclosed vulnerability in the Linux kernel's IIO (Industrial I/O) subsystem. The defect is in the gts-helper module, in the function iio_gts_build_avail_scale_table(). When a kcalloc() allocation for per_time_scales or per_time_gains fails inside the for loop, the cleanup loop at the err_free_out label stops once i has been decremented to 0 and never calls kfree() on that entry, so per_time_scales[0] and per_time_gains[0] are leaked. The fix changes the cleanup loop so that it also handles i == 0, i.e. it keeps freeing for as long as i is greater than or equal to 0.
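The following is an added example, not code from the Linux kernel or from this advisory: a user-space model of the allocation loop and its error path, with a constructed fault-injecting allocator (tracked_calloc/tracked_free, hypothetical stand-ins for kcalloc/kfree) so that the leak can be counted. The names per_time_scales, per_time_gains and err_free_out follow the advisory; the loop condition `i > 0` is a model of the original "stop when i reaches 0" behaviour described above, and `i >= 0` is the corrected condition. build_tables() and leaked_after_build() are assumed helper names.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_TIMES 8

/* Constructed fault-injecting allocator (stand-in for kcalloc/kfree):
 * it counts live allocations and fails the call whose ordinal equals
 * fail_on (0 means never fail). */
static int live_allocs;
static int alloc_calls;
static int fail_on;

static void *tracked_calloc(size_t n, size_t size)
{
    void *p;

    alloc_calls++;
    if (fail_on && alloc_calls == fail_on)
        return NULL;
    p = calloc(n, size);
    if (p)
        live_allocs++;
    return p;
}

static void tracked_free(void *p)
{
    if (p) {
        live_allocs--;
        free(p);
    }
}

/* Model of the per-time table construction: one scales array and one
 * gains array per integration time. fixed_cleanup selects the error
 * path: 0 = loop that stops when i reaches 0 (the leak), 1 = loop
 * that also frees entry 0. Returns 0 on success or -ENOMEM. */
static int build_tables(int times, int gains, int fixed_cleanup)
{
    int *per_time_scales[MAX_TIMES];
    int *per_time_gains[MAX_TIMES];
    int i, ret;

    for (i = 0; i < times; i++) {
        per_time_scales[i] = tracked_calloc(gains, sizeof(int));
        if (!per_time_scales[i]) {
            ret = -ENOMEM;
            goto err_free_out;
        }
        per_time_gains[i] = tracked_calloc(gains, sizeof(int));
        if (!per_time_gains[i]) {
            tracked_free(per_time_scales[i]);
            ret = -ENOMEM;
            goto err_free_out;
        }
    }

    /* Success path (not where the defect lives): the temporary tables
     * would be consumed here; this model simply releases all of them. */
    for (i = 0; i < times; i++) {
        tracked_free(per_time_scales[i]);
        tracked_free(per_time_gains[i]);
    }
    return 0;

err_free_out:
    /* i is the index whose allocation failed; entries 0..i-1 are fully
     * allocated and must be released. */
    if (fixed_cleanup) {
        for (i--; i >= 0; i--) {          /* frees i-1 down to 0 */
            tracked_free(per_time_scales[i]);
            tracked_free(per_time_gains[i]);
        }
    } else {
        for (i--; i > 0; i--) {           /* stops before 0: entry 0 leaks */
            tracked_free(per_time_scales[i]);
            tracked_free(per_time_gains[i]);
        }
    }
    return ret;
}

/* Run one build with the fail_at-th allocation forced to fail and
 * report how many allocations are still live afterwards (0 = no leak). */
int leaked_after_build(int times, int fail_at, int fixed_cleanup)
{
    live_allocs = 0;
    alloc_calls = 0;
    fail_on = fail_at;
    build_tables(times, 4, fixed_cleanup);
    return live_allocs;
}

int main(void)
{
    int fail_at;

    for (fail_at = 1; fail_at <= 2 * 4; fail_at++)
        printf("fail allocation #%d: original loop leaks %d, fixed loop leaks %d\n",
               fail_at, leaked_after_build(4, fail_at, 0),
               leaked_after_build(4, fail_at, 1));
    return 0;
}
```

With four integration times there are eight allocations; forcing any allocation from the third onwards to fail leaves exactly two blocks live under the original loop (per_time_scales[0] and per_time_gains[0]) and none under the corrected loop, which is the CWE-401 condition kmemleak reported for the real driver. Failing the first or second allocation leaks nothing in either variant, because entry 0 was never fully allocated, so a test that only injects early failures would miss this defect.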
