NVD Vulnerability Detail
Search Exploit, PoC
CVE-2024-50197
Summary

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: intel: platform: fix error path in device_for_each_child_node()

The device_for_each_child_node() loop requires calls to
fwnode_handle_put() upon early returns to decrement the refcount of
the child node and avoid leaking memory if that error path is triggered.

There is one early returns within that loop in
intel_platform_pinctrl_prepare_community(), but fwnode_handle_put() is
missing.

Instead of adding the missing call, the scoped version of the loop can
be used to simplify the code and avoid mistakes in the future if new
early returns are added, as the child node is only used for parsing, and
it is never assigned.

Publication Date Nov. 8, 2024, 3:15 p.m.
Registration Date Nov. 9, 2024, 5 a.m.
Last Update Nov. 8, 2024, 3:15 p.m.
Related information, measures and tools
Common Vulnerabilities List
JVN Vulnerability Information
Linux の Linux Kernel における有効期限後のメモリの解放の欠如に関する脆弱性
Title Linux の Linux Kernel における有効期限後のメモリの解放の欠如に関する脆弱性
Summary

Linux の Linux Kernel には、有効期限後のメモリの解放の欠如に関する脆弱性が存在します。

Possible impacts サービス運用妨害 (DoS) 状態にされる可能性があります。 
Solution

ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date Sept. 30, 2024, midnight
Registration Date Dec. 2, 2024, 10:52 a.m.
Last Update Dec. 2, 2024, 10:52 a.m.
Affected System
Linux
Linux Kernel 6.12
Linux Kernel 6.8 以上 6.11.5 未満
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
No Changed Details Date of change
1 [2024年12月02日]
  掲載		 Dec. 2, 2024, 10:52 a.m.