CVE-2024-53213
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-53213 is a double free vulnerability in the Linux kernel's lan78xx driver. In the function lan78xx_probe(), the buffer 'buf' was freed twice: implicitly by usb_free_urb(), because the URB carries the URB_FREE_BUFFER flag, and explicitly by kfree(). The issue has been resolved by reordering the kmalloc() and usb_alloc_urb() calls and removing the redundant kfree(buf) call. buf is now allocated after usb_alloc_urb(), attached to the URB by usb_fill_int_urb(), and freed by usb_free_urb().
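The ownership rule behind this fix can be checked with a small userspace model, added here as an illustration; it is not the lan78xx driver's code. The names model_kfree(), model_free_urb(), struct buf, the enum fail values and the cleanup labels are hypothetical, the point at which probe fails is assumed, and frees are counted rather than performed so the double free shows up as a number.

```c
#include <stdio.h>
#include <stdlib.h>

#define URB_FREE_BUFFER 0x0100   /* model constant, named after the kernel flag */
enum fail { FAIL_SECOND_ALLOC, FAIL_LATE };   /* hypothetical failure points */
struct buf { int frees; };       /* records frees instead of releasing memory */
struct urb { struct buf *transfer_buffer; unsigned int flags; };

static void model_kfree(struct buf *b) { if (b) b->frees++; }

static void model_free_urb(struct urb *u)  /* models usb_free_urb() with the flag */
{
    if (!u) return;
    if (u->flags & URB_FREE_BUFFER) model_kfree(u->transfer_buffer);
    free(u);
}

/* Pre-fix ordering: buf first, URB second, cleanup releases both. */
int frees_before_fix(enum fail where)
{
    struct buf storage = {0}, *buf = &storage;       /* stands in for kmalloc() */
    struct urb *urb = where == FAIL_SECOND_ALLOC ? NULL : calloc(1, sizeof(*urb));
    if (!urb) goto free_buf;                         /* here kfree(buf) is needed */
    urb->transfer_buffer = buf;                      /* usb_fill_int_urb() */
    urb->flags |= URB_FREE_BUFFER;                   /* the URB now owns buf */
    model_free_urb(urb);        /* assumed later failure: implicit free of buf */
free_buf:
    model_kfree(buf);                                /* explicit free, the second */
    return storage.frees;
}

/* Post-fix ordering: URB first, buf second, no explicit free of buf. */
int frees_after_fix(enum fail where)
{
    struct buf storage = {0}, *buf;
    struct urb *urb = calloc(1, sizeof(*urb));       /* usb_alloc_urb() first */
    if (!urb) return 0;
    buf = where == FAIL_SECOND_ALLOC ? NULL : &storage;  /* kmalloc() second */
    if (!buf) goto free_urb;                         /* URB holds no buffer yet */
    urb->transfer_buffer = buf;
    urb->flags |= URB_FREE_BUFFER;
free_urb:
    model_free_urb(urb);                             /* the only free of buf */
    return storage.frees;
}

int main(void)
{
    printf("late failure: before=%d after=%d\n",
           frees_before_fix(FAIL_LATE), frees_after_fix(FAIL_LATE));
    return 0;
}
```

Once URB_FREE_BUFFER is set, a count of 2 on any path means the buffer has two owners, which is the condition the patch removes.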