In the Linux kernel, the following vulnerability has been resolved:
pinctrl: core: delete incorrect free in pinctrl_enable()
The "pctldev" struct is allocated in devmpinctrlregisterandinit(). It's a devm_ managed pointer that is freed by devmpinctrldevrelease(), so freeing it in pinctrlenable() will lead to a double free.
The devmpinctrldev_release() function frees the pindescs and destroys the mutex as well.
{ "vanir_signatures": [ { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/pinctrl/core.c" }, "id": "CVE-2024-36940-017142f1", "digest": { "line_hashes": [ "339726207629774851647784836116695465565", "158724737467629816950581126551333205471", "126715927282788662209656355122278109975", "19677716623954293827082550501558620118", "107267818761722206340715781259360955136", "127500043680661580348630376508330542368", "333062817709338263277834241132029624659", "268150293845626333729283435707828538118", "256855359459979955159214350770684659867" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@735f4c6b6771eafe336404c157ca683ad72a040d" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/pinctrl/core.c" }, "id": "CVE-2024-36940-111f587c", "digest": { "line_hashes": [ "339726207629774851647784836116695465565", "158724737467629816950581126551333205471", "126715927282788662209656355122278109975", "19677716623954293827082550501558620118", "107267818761722206340715781259360955136", "127500043680661580348630376508330542368", "333062817709338263277834241132029624659", "268150293845626333729283435707828538118", "256855359459979955159214350770684659867" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5038a66dad0199de60e5671603ea6623eb9e5c79" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/pinctrl/core.c", "function": "pinctrl_enable" }, "id": "CVE-2024-36940-225923be", "digest": { "length": 452.0, "function_hash": "55681484274331912447637933889344984726" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cdaa171473d98962ae86f2a663d398fda2fbeefd" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/pinctrl/core.c" }, "id": "CVE-2024-36940-55705bc3", "digest": { "line_hashes": [ "339726207629774851647784836116695465565", "158724737467629816950581126551333205471", "126715927282788662209656355122278109975", "19677716623954293827082550501558620118", "107267818761722206340715781259360955136", "127500043680661580348630376508330542368", "333062817709338263277834241132029624659", "268150293845626333729283435707828538118", "256855359459979955159214350770684659867" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@288bc4aa75f150d6f1ee82dd43c6da1b438b6068" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/pinctrl/core.c", "function": "pinctrl_enable" }, "id": "CVE-2024-36940-66386896", "digest": { "length": 452.0, "function_hash": "55681484274331912447637933889344984726" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@288bc4aa75f150d6f1ee82dd43c6da1b438b6068" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/pinctrl/core.c" }, "id": "CVE-2024-36940-7d76b8ca", "digest": { "line_hashes": [ "339726207629774851647784836116695465565", "158724737467629816950581126551333205471", "126715927282788662209656355122278109975", "19677716623954293827082550501558620118", "107267818761722206340715781259360955136", "127500043680661580348630376508330542368", "333062817709338263277834241132029624659", "268150293845626333729283435707828538118", "256855359459979955159214350770684659867" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/pinctrl/core.c" }, "id": "CVE-2024-36940-7f3821d7", "digest": { "line_hashes": [ "339726207629774851647784836116695465565", "158724737467629816950581126551333205471", "126715927282788662209656355122278109975", "19677716623954293827082550501558620118", "107267818761722206340715781259360955136", "127500043680661580348630376508330542368", "333062817709338263277834241132029624659", "268150293845626333729283435707828538118", "256855359459979955159214350770684659867" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f9f1e321d53e4c5b666b66e5b43da29841fb55ba" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/pinctrl/core.c" }, "id": "CVE-2024-36940-bece1bc7", "digest": { "line_hashes": [ "339726207629774851647784836116695465565", "158724737467629816950581126551333205471", "126715927282788662209656355122278109975", "19677716623954293827082550501558620118", "107267818761722206340715781259360955136", "127500043680661580348630376508330542368", "333062817709338263277834241132029624659", "268150293845626333729283435707828538118", "256855359459979955159214350770684659867" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cdaa171473d98962ae86f2a663d398fda2fbeefd" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/pinctrl/core.c", "function": "pinctrl_enable" }, "id": "CVE-2024-36940-c5363669", "digest": { "length": 452.0, "function_hash": "55681484274331912447637933889344984726" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f9f1e321d53e4c5b666b66e5b43da29841fb55ba" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/pinctrl/core.c", "function": "pinctrl_enable" }, "id": "CVE-2024-36940-dece0582", "digest": { "length": 452.0, "function_hash": "55681484274331912447637933889344984726" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@558c8039fdf596a584a92c171cbf3298919c448c" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/pinctrl/core.c" }, "id": "CVE-2024-36940-f08c0090", "digest": { "line_hashes": [ "339726207629774851647784836116695465565", "158724737467629816950581126551333205471", "126715927282788662209656355122278109975", "19677716623954293827082550501558620118", "107267818761722206340715781259360955136", "127500043680661580348630376508330542368", "333062817709338263277834241132029624659", "268150293845626333729283435707828538118", "256855359459979955159214350770684659867" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@558c8039fdf596a584a92c171cbf3298919c448c" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/pinctrl/core.c", "function": "pinctrl_enable" }, "id": "CVE-2024-36940-f1c3c7f9", "digest": { "length": 452.0, "function_hash": "55681484274331912447637933889344984726" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/pinctrl/core.c", "function": "pinctrl_enable" }, "id": "CVE-2024-36940-f3adbbd8", "digest": { "length": 452.0, "function_hash": "55681484274331912447637933889344984726" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@735f4c6b6771eafe336404c157ca683ad72a040d" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/pinctrl/core.c", "function": "pinctrl_enable" }, "id": "CVE-2024-36940-fb6a2f61", "digest": { "length": 452.0, "function_hash": "55681484274331912447637933889344984726" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5038a66dad0199de60e5671603ea6623eb9e5c79" } ] }