CVE-2024-57980

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 27, 2025
Updated: Mar 13, 2025
CWE ID 415

Summary

CVE-2024-57980 is a vulnerability affecting the Linux kernel's media driver for UVC video devices. The issue arises when the uvc_status_init() function fails to allocate memory for int_urb, causing it to free the dev->status pointer without resetting it to NULL. Consequently, the kfree() call in uvc_status_cleanup() attempts to double-free the same memory, leading to potential memory corruption. This vulnerability has been addressed by resetting the dev->status pointer to NULL after freeing it. The issue was reviewed by Ricardo Ribalda from Chromium.
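The error path described in the summary, as an added userspace C model (not the kernel's code and not taken from this advisory). The model_* names, the two-slot allocator and the patched flag are constructed for illustration, and the model assumes cleanup runs after the failed init, as the summary describes.

```c
#include <stddef.h>
/* Constructed two-slot allocator: counts a double free instead of performing one. */
static unsigned char pool[2][64];
static int live[2], double_frees;

static void *model_alloc(int fail)
{
    for (int i = 0; !fail && i < 2; i++)
        if (!live[i]) { live[i] = 1; return pool[i]; }
    return NULL;
}

static void model_free(void *p)
{
    if (!p) return;                       /* like kfree(NULL): a no-op */
    int i = (p == (void *)pool[1]);
    if (!live[i]) double_frees++;         /* slot was already released */
    live[i] = 0;
}

struct model_dev { void *status, *int_urb; };
/* Init error path; patched=1 applies the fix the summary describes. */
static int model_status_init(struct model_dev *dev, int urb_fails, int patched)
{
    if (!(dev->status = model_alloc(0))) return -1;
    if (!(dev->int_urb = model_alloc(urb_fails))) {
        model_free(dev->status);
        if (patched) dev->status = NULL;  /* reset so cleanup has nothing to free */
        return -1;
    }
    return 0;
}

static void model_status_cleanup(struct model_dev *dev)
{
    model_free(dev->int_urb);
    model_free(dev->status);              /* stale pointer unless it was reset */
}

/* Number of double frees seen over one init + cleanup cycle. */
int run_model(int urb_fails, int patched)
{
    struct model_dev dev = {0};
    live[0] = live[1] = double_frees = 0;
    model_status_init(&dev, urb_fails, patched);
    model_status_cleanup(&dev);
    return double_frees;
}
int main(void) { return run_model(1, 0) != 1 || run_model(1, 1) != 0; }
```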
