CVE-2024-58003
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-58003
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58003.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-58003
- Downstream
- Related
- Published
- 2025-02-27T03:15:11Z
- Modified
- 2025-03-10T05:00:03Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
media: i2c: ds90ub9x3: Fix extra fwnodehandleput()
The ub913 and ub953 drivers call fwnodehandleput(priv->sd.fwnode) as part of their remove process, and if the driver is removed multiple times, eventually leads to put "overflow", possibly causing memory corruption or crash.
The fwnodehandleput() is a leftover from commit 905f88ccebb1 ("media: i2c: ds90ub9x3: Fix sub-device matching"), which changed the code related to the sd.fwnode, but missed removing these fwnodehandleput() calls.
- References
-
- https://git.kernel.org/stable/c/474d7baf91d37bc411fa60de5bbf03c9dd82e18a
- https://git.kernel.org/stable/c/60b45ece41c5632a3a3274115a401cb244180646
- https://git.kernel.org/stable/c/70743d6a8b256225675711e7983825f1be86062d
- https://git.kernel.org/stable/c/f4e4373322f8d4c19721831f7fb989e52d30dab0
- https://security-tracker.debian.org/tracker/CVE-2024-58003
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source