CVE-2024-36940

pinctrl: core: delete incorrect free in pinctrl_enable()

Description

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d patch
https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd patch
https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068 patch
https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca patch
https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e patch
https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c patch
https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba patch
https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list

Frequently Asked Questions

What is the severity of CVE-2024-36940?
CVE-2024-36940 has been scored as a high severity vulnerability.
How to fix CVE-2024-36940?
To fix CVE-2024-36940, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-36940 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-36940 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-36940?
CVE-2024-36940 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.