CVE-2024-56766 Information
Jan 08, 2025
cve
Description
In the Linux kernel the following vulnerability has been resolved:
mtd: rawnand: fix double free in atmel_pmecc_create_user()
The �ser\ pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://git.kernel.org/stable/c/6ea15205d7e2b811fbbdf79783f686f58abfb4b7 https://git.kernel.org/stable/c/d2f090ea57f8d6587e09d4066f740a8617767b3d https://git.kernel.org/stable/c/d8e4771f99c0400a1873235704b28bb803c83d17 https://git.kernel.org/stable/c/dd45c87782738715d5e7c167f8dabf0814a7394a
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: