CVE-2024-53076
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-53076 is a newly discovered vulnerability affecting the Linux kernel's IIO (Industrial I/O) subsystem. The issue lies in the gts-helper module, specifically in the function iio_gts_build_avail_scale_table(). When a kcalloc() allocation for per_time_scales or per_time_gains fails inside the for loop, the cleanup at the err_free_out label does not call kfree() once i has been reduced to 0, so per_time_scales[0] and per_time_gains[0] are never freed and their memory is leaked. The fix adds a check that i is greater than or equal to 0 in the cleanup, so the entries at index 0 are freed as well.
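The cleanup pattern described above, as an added userspace example (not the kernel's code): a counting allocator injects one failure and reports how many blocks the unwind leaves behind. NUM_ITIME, model_calloc(), model_free(), leaked_blocks() and the "fixed" switch are hypothetical names for this model; only per_time_scales, per_time_gains, err_free_out and i come from the summary.

```c
#include <stdlib.h>

#define NUM_ITIME 4   /* constructed table size for this model */

static int live, calls, fail_at;  /* live blocks, calls so far, call that fails */

/* Stand-in for kcalloc(): fails on call number fail_at, counts live blocks. */
static void *model_calloc(size_t n, size_t sz)
{
    void *p = (++calls == fail_at) ? NULL : calloc(n, sz);
    live += (p != NULL);
    return p;
}

/* Stand-in for kfree(). */
static void model_free(void *p)
{
    live -= (p != NULL);
    free(p);
}

/* Build the per-row tables with allocation number fail_call (1-based,
 * 0 = none) failing; return how many blocks are still allocated after
 * the error path has run. fixed selects the corrected unwind condition. */
int leaked_blocks(int fail_call, int fixed)
{
    int *per_time_scales[NUM_ITIME] = {0}, *per_time_gains[NUM_ITIME] = {0};
    int i;

    live = calls = 0;
    fail_at = fail_call;
    for (i = 0; i < NUM_ITIME; i++) {
        per_time_scales[i] = model_calloc(8, sizeof(int));
        if (!per_time_scales[i])
            goto err_free_out;
        per_time_gains[i] = model_calloc(8, sizeof(int));
        if (!per_time_gains[i]) {
            model_free(per_time_scales[i]);
            goto err_free_out;
        }
    }
    fixed = 1;  /* no failure injected: release every row of the model table */
err_free_out:
    /* Unwind the rows below the failing one. The unfixed condition stops
     * before index 0, so row 0 of both tables is never freed. */
    for (i--; fixed ? i >= 0 : i > 0; i--) {
        model_free(per_time_scales[i]);
        model_free(per_time_gains[i]);
    }
    return live;
}
```

With a failure in any row after the first, the unfixed unwind always leaves exactly two blocks, the index-0 entries of each table, which is the signature a leak detector such as kmemleak would show for this bug.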
Affected Products
- Linux Kernel
Affected Vendors
- LINUX