CVE-2024-57980

media: uvcvideo: Fix double free in error path

Description

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it. Reviewed by: Ricardo Ribalda <ribalda@chromium.org>

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/d6e5ba2516c5bef87c1fcb8189b6f3cad7c64b2d
https://git.kernel.org/stable/c/87522ef165e5b6de8ef98cc318f3335166a1512c
https://git.kernel.org/stable/c/3ba8884a56a3eb97c22f0ce0e4dd410d4ca4c277
https://git.kernel.org/stable/c/9232719ac9ce4d5c213cebda23d72aec3e1c4c0d patch
https://git.kernel.org/stable/c/6c36dcd662ec5276782838660f8533a7cb26be49 patch
https://git.kernel.org/stable/c/d1f8e69eec91d5a75ef079778a5d0151db2a7f22 patch
https://git.kernel.org/stable/c/d8e63dd7b6683969d3d47c7b8e9635f96d554ad4 patch
https://git.kernel.org/stable/c/c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac patch

Frequently Asked Questions

What is the severity of CVE-2024-57980?
CVE-2024-57980 has been scored as a high severity vulnerability.
How to fix CVE-2024-57980?
To fix CVE-2024-57980, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-57980 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-57980 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-57980?
CVE-2024-57980 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.