CVE-2024-53213

Source
https://cve.org/CVERecord?id=CVE-2024-53213
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53213.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-53213
Downstream
Related
Published
2024-12-27T13:49:58.709Z
Modified
2026-07-08T08:01:31.751590183Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
Details

In the Linux kernel, the following vulnerability has been resolved:

net: usb: lan78xx: Fix double free issue with interrupt buffer allocation

In lan78xx_probe(), the buffer buf was being freed twice: once implicitly through usb_free_urb(dev->urb_intr) with the URB_FREE_BUFFER flag and again explicitly by kfree(buf). This caused a double free issue.

To resolve this, reordered kmalloc() and usb_alloc_urb() calls to simplify the initialization sequence and removed the redundant kfree(buf). Now, buf is allocated after usb_alloc_urb(), ensuring it is correctly managed by usb_fill_int_urb() and freed by usb_free_urb() as intended.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53213.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3281ebb3dc5ef19507e65523e9f8c00e20b285ca
Fixed
cc5aa8e3ad69dcedeba79e667d4a2efb72a305af
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dcafa5a8452738eb28085f559b0683d55e22b2f5
Fixed
2970ef2fce90c661952ec2b451b0276d5f8d6180
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a6df95cae40bee555e01a37b4023ce8e97ffa249
Fixed
977128343fc2a30737399b58df8ea77e94f164bd
Fixed
a422ebec863d99d5607fb41bb7af3347fcb436d3
Fixed
b09512aea6223eec756f52aa584fc29eeab57480
Fixed
7ac9f3c981eeceee2ec4d30d850f4a6f50a1ec40
Fixed
03819abbeb11117dcbba40bfe322b88c0c88a6b6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5.10.252
Fixed
5.10.258
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5.15.202
Fixed
5.15.209

Affected versions

v5.*
v5.10.252
v5.10.253
v5.10.254
v5.10.255
v5.10.256
v5.10.257
v5.15.202
v5.15.203
v5.15.204
v5.15.205
v5.15.206
v5.15.207
v5.15.208

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53213.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.120
Type
ECOSYSTEM
Events
Introduced
5.17.0
Fixed
6.6.64
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.11.11
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53213.json"