CVE-2024-49986

Severity: High (CVSS 3.1 base score 7.8)
EPSS: 16.0%
Published: Oct 21, 2024
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors

x86_android_tablet_remove() frees the pdevs[] array, so it should not be used after calling x86_android_tablet_remove().

When platform_device_register() fails, store the pdevs[x] PTR_ERR() value into the local ret variable before calling x86_android_tablet_remove() to avoid using pdevs[] after it has been freed.
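The ordering problem the description names, as an added userspace model (not the kernel driver's code). model_remove(), pdev_at() and model_probe() are hypothetical stand-ins, and the model nulls the freed pointer so that the stale read is counted instead of performed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-ins for the kernel's ERR_PTR helpers (simplified). */
static void *ERR_PTR(long e) { return (void *)(intptr_t)e; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-4095; }

static void **pdevs;                /* models the heap-allocated pdevs[] */
static int pdev_count, stale_reads; /* stale_reads: reads after the free */

/* Models x86_android_tablet_remove(): frees the entries, then the array. */
static void model_remove(void)
{
    for (int i = 0; i < pdev_count; i++)
        if (!IS_ERR(pdevs[i])) free(pdevs[i]);
    free(pdevs);
    pdevs = NULL;  /* model only: poison so a stale read can be counted */
}

/* Checked read: counts a stale access instead of touching freed memory. */
static void *pdev_at(int i)
{
    return pdevs ? pdevs[i] : (stale_reads++, ERR_PTR(-EFAULT));
}

/* Slot fail_at fails with -ENOMEM; fixed=0 keeps the pre-patch ordering. */
static long model_probe(int count, int fail_at, int fixed)
{
    pdev_count = count;
    if (!(pdevs = calloc(count, sizeof(*pdevs)))) return -ENOMEM;
    for (int i = 0; i < count; i++) {
        pdevs[i] = (i == fail_at) ? ERR_PTR(-ENOMEM) : malloc(1);
        if (!IS_ERR(pdevs[i])) continue;
        long ret = PTR_ERR(pdevs[i]);  /* the fix: read while pdevs[] is live */
        model_remove();
        /* pre-patch path re-reads pdevs[i] after the array is gone */
        return fixed ? ret : PTR_ERR(pdev_at(i));
    }
    model_remove();
    return 0;
}

int main(void)
{
    long ok = model_probe(3, 1, 1), bad = model_probe(3, 1, 0);
    return printf("fixed=%ld pre-patch=%ld stale=%d\n", ok, bad, stale_reads) < 0;
}
```

In the model the pre-patch ordering returns the -EFAULT sentinel; in a real use after free the value read back is whatever the freed allocation holds at that moment, so the returned error code is not reliable.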

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 16.0% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-416: Use After Free (Memory Safety)

Affected Products 6

Vendor  Product       Version  Range
debian  debian_linux  11.0     any
linux   linux_kernel  *        ≥5.17 – <6.1.118
linux   linux_kernel  *        ≥6.2 – <6.6.55
linux   linux_kernel  *        ≥6.7 – <6.10.14
linux   linux_kernel  *        ≥6.11 – <6.11.3
linux   linux_kernel  6.12     any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/2fae3129c0c08e72b1fe93e61fd8fd203252094a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73a98cf79e4dbfa3d0c363e826c65aae089b313c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aac871e493fc8809e60209d9899b1af07e9dbfc8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ba0b09a2f327319e252d8f3032019b958c0a5cd9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f08adc5177bd4343df09033f62ab562c09ba7f7d
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2fae3129c0c08e72b1fe93e61fd8fd203252094a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73a98cf79e4dbfa3d0c363e826c65aae089b313c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aac871e493fc8809e60209d9899b1af07e9dbfc8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ba0b09a2f327319e252d8f3032019b958c0a5cd9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f08adc5177bd4343df09033f62ab562c09ba7f7d
    Patch