CVE-2024-46741
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-46741
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46741.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-46741
- Downstream
- Related
- Published
- 2024-09-18T07:12:02.496Z
- Modified
- 2025-11-20T05:56:58.708520Z
- Summary
- misc: fastrpc: Fix double free of 'buf' in error path
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: Fix double free of 'buf' in error path
smatch warning: drivers/misc/fastrpc.c:1926 fastrpcreqmmap() error: double free of 'buf'
In fastrpcreqmmap() error path, the fastrpc buffer is freed in fastrpcreqmunmap_impl() if unmap is successful.
But in the end, there is an unconditional call to fastrpcbuffree(). So the above case triggers the double free of fastrpc buf.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced72fa6f7820c4cf96c5f7aabc4e54bdf52d1e2ac2Fixedf77dc8a75859e559f3238a6d906206259227985e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced72fa6f7820c4cf96c5f7aabc4e54bdf52d1e2ac2Fixedbfc1704d909dc9911a558b1a5833d3d61a43a1f2
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced72fa6f7820c4cf96c5f7aabc4e54bdf52d1e2ac2Fixede8c276d4dc0e19ee48385f74426aebc855b49aaf
Affected versions
v6.*
v6.1
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.10.8
v6.10.9
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "drivers/misc/fastrpc.c",
"function": "fastrpc_req_mmap"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f77dc8a75859e559f3238a6d906206259227985e",
"digest": {
"length": 2382.0,
"function_hash": "199612360792229458500611543131613088747"
},
"id": "CVE-2024-46741-40b02c2f"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "drivers/misc/fastrpc.c",
"function": "fastrpc_req_mmap"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e8c276d4dc0e19ee48385f74426aebc855b49aaf",
"digest": {
"length": 2382.0,
"function_hash": "199612360792229458500611543131613088747"
},
"id": "CVE-2024-46741-607f5f80"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "drivers/misc/fastrpc.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e8c276d4dc0e19ee48385f74426aebc855b49aaf",
"digest": {
"line_hashes": [
"64403275060859988879850153873300876786",
"203843909277971239386644329536884968493",
"40116041599320964248765345320880774180",
"42618110359716637312237061373356685214",
"223204294359276285307745789775273769339",
"173797903293518226656091283524575508741",
"328332692401638632252392526931256490368",
"101513431176310190142168756571391902248",
"237198841021002716452267576204739496116"
],
"threshold": 0.9
},
"id": "CVE-2024-46741-70f97709"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "drivers/misc/fastrpc.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bfc1704d909dc9911a558b1a5833d3d61a43a1f2",
"digest": {
"line_hashes": [
"64403275060859988879850153873300876786",
"203843909277971239386644329536884968493",
"40116041599320964248765345320880774180",
"42618110359716637312237061373356685214",
"223204294359276285307745789775273769339",
"173797903293518226656091283524575508741",
"328332692401638632252392526931256490368",
"101513431176310190142168756571391902248",
"237198841021002716452267576204739496116"
],
"threshold": 0.9
},
"id": "CVE-2024-46741-b5ee9d05"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "drivers/misc/fastrpc.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f77dc8a75859e559f3238a6d906206259227985e",
"digest": {
"line_hashes": [
"64403275060859988879850153873300876786",
"203843909277971239386644329536884968493",
"40116041599320964248765345320880774180",
"42618110359716637312237061373356685214",
"223204294359276285307745789775273769339",
"173797903293518226656091283524575508741",
"328332692401638632252392526931256490368",
"101513431176310190142168756571391902248",
"237198841021002716452267576204739496116"
],
"threshold": 0.9
},
"id": "CVE-2024-46741-d8954bc7"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "drivers/misc/fastrpc.c",
"function": "fastrpc_req_mmap"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bfc1704d909dc9911a558b1a5833d3d61a43a1f2",
"digest": {
"length": 2382.0,
"function_hash": "199612360792229458500611543131613088747"
},
"id": "CVE-2024-46741-debb521f"
}
]