CVE-2024-35847

irqchip/gic-v3-its: Prevent double free on error

Description

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully allocating at least one interrupt. This happens because its_vpe_irq_domain_free() frees the interrupts along with the area bitmap and the vprop_page and its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the vprop_page again. Fix this by unconditionally invoking its_vpe_irq_domain_free() which handles all cases correctly and by removing the bitmap/vprop_page freeing from its_vpe_irq_domain_alloc(). [ tglx: Massaged change log ]

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/f5417ff561b8ac9a7e53c747b8627a7ab58378ae patch
https://git.kernel.org/stable/c/b72d2b1448b682844f995e660b77f2a1fabc1662 patch
https://git.kernel.org/stable/c/aa44d21574751a7d6bca892eb8e0e9ac68372e52 patch
https://git.kernel.org/stable/c/5dbdbe1133911ca7d8466bb86885adec32ad9438 patch
https://git.kernel.org/stable/c/dd681710ab77c8beafe2e263064cb1bd0e2d6ca9 patch
https://git.kernel.org/stable/c/03170e657f62c26834172742492a8cb8077ef792 patch
https://git.kernel.org/stable/c/5b012f77abde89bf0be8a0547636184fea618137 patch
https://git.kernel.org/stable/c/c26591afd33adce296c022e3480dea4282b7ef91 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html patch

Frequently Asked Questions

What is the severity of CVE-2024-35847?
CVE-2024-35847 has been scored as a high severity vulnerability.
How to fix CVE-2024-35847?
To fix CVE-2024-35847, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35847 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-35847 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35847?
CVE-2024-35847 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.