CVE-2024-27039

clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()

Description

In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() 'p_clk' is an array allocated just before the for loop for all clk that need to be registered. It is incremented at each loop iteration. If a clk_register() call fails, 'p_clk' may point to something different from what should be freed. The best we can do, is to avoid this wrong release of memory.

N/A
CVSS
Severity:
EPSS 0.14%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/3f8445f1c746fda180a7f75372ed06b24e9cefe2
https://git.kernel.org/stable/c/e0b0d1c46a2ce1e46b79d004a7270fdef872e097
https://git.kernel.org/stable/c/95d1f1228c1bb54803ae57525b76db60e99b37e4
https://git.kernel.org/stable/c/2cc572e0085ebd4b662b74a0f43222bc00df9a00
https://git.kernel.org/stable/c/d575765b1b62e8bdb00af11caa1aabeb01763d9f
https://git.kernel.org/stable/c/64c6a38136b74a2f18c42199830975edd9fbc379

Frequently Asked Questions

What is the severity of CVE-2024-27039?
CVE-2024-27039 has not yet been assigned a CVSS score.
How to fix CVE-2024-27039?
To fix CVE-2024-27039, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27039 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27039 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27039?
CVE-2024-27039 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.