CVE-2024-57980

HIGH EPSS 14.9%
Published Feb 27, 20251y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Feb 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it. Reviewed by: Ricardo Ribalda <ribalda@chromium.org>

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
14.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-415

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥2.6.28  –  <6.1.129
linuxlinux_kernel*≥6.2  –  <6.6.76
linuxlinux_kernel*≥6.7  –  <6.12.13
linuxlinux_kernel*≥6.13  –  <6.13.2

References 10

  • git.kernel.org https://git.kernel.org/stable/c/3ba8884a56a3eb97c22f0ce0e4dd410d4ca4c277
  • git.kernel.org https://git.kernel.org/stable/c/6c36dcd662ec5276782838660f8533a7cb26be49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/87522ef165e5b6de8ef98cc318f3335166a1512c
  • git.kernel.org https://git.kernel.org/stable/c/9232719ac9ce4d5c213cebda23d72aec3e1c4c0d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d1f8e69eec91d5a75ef079778a5d0151db2a7f22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d6e5ba2516c5bef87c1fcb8189b6f3cad7c64b2d
  • git.kernel.org https://git.kernel.org/stable/c/d8e63dd7b6683969d3d47c7b8e9635f96d554ad4
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/6c36dcd662ec5276782838660f8533a7cb26be49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9232719ac9ce4d5c213cebda23d72aec3e1c4c0d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d1f8e69eec91d5a75ef079778a5d0151db2a7f22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d8e63dd7b6683969d3d47c7b8e9635f96d554ad4
    Patch