CVE-2024-36973

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36973

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36973.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-36973

Downstream

BELL-CVE-2024-36973

DEBIAN-CVE-2024-36973

DLA-4008-1

DSA-5731-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2024-36973

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7008-1

USN-7029-1

Related

Published

2024-06-17T18:15:17Z

Modified

2025-08-09T19:01:27Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

misc: microchip: pci1xxxx: fix double free in the error handling of gpauxbus_probe()

When auxiliarydeviceadd() returns error and then calls auxiliarydeviceuninit(), callback function gpauxiliarydevicerelease() calls idafree() and kfree(auxdevicewrapper) to free memory. We should't call them again in the error handling path.

Fix this by skipping the redundant cleanup functions.

References

Affected packages