CVE-2024-53213

net: usb: lan78xx: Fix double free issue with interrupt buffer allocation

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation In lan78xx_probe(), the buffer `buf` was being freed twice: once implicitly through `usb_free_urb(dev->urb_intr)` with the `URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused a double free issue. To resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to simplify the initialization sequence and removed the redundant `kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring it is correctly managed by `usb_fill_int_urb()` and freed by `usb_free_urb()` as intended.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/977128343fc2a30737399b58df8ea77e94f164bd patch
https://git.kernel.org/stable/c/a422ebec863d99d5607fb41bb7af3347fcb436d3 patch
https://git.kernel.org/stable/c/b09512aea6223eec756f52aa584fc29eeab57480 patch
https://git.kernel.org/stable/c/7ac9f3c981eeceee2ec4d30d850f4a6f50a1ec40 patch
https://git.kernel.org/stable/c/03819abbeb11117dcbba40bfe322b88c0c88a6b6 patch

Frequently Asked Questions

What is the severity of CVE-2024-53213?
CVE-2024-53213 has been scored as a high severity vulnerability.
How to fix CVE-2024-53213?
To fix CVE-2024-53213, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53213 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-53213 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53213?
CVE-2024-53213 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.