CVE-2024-49853 - Double Free

Severity

78%

Complexity

18%

Confidentiality

98%

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix double free in OPTEE transport Channels can be shared between protocols, avoid freeing the same channel descriptors twice when unloading the stack.

CVSS 3.1 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Demo Examples

Double Free

CWE-415

Double Free

CWE-415

While contrived, this code should be exploitable on Linux distributions which do not ship with heap-chunk check summing turned on.


               
}
free(buf1R2);

Overview

First reported 4 months ago

2024-10-21 13:15:00

Last updated 4 months ago

2024-10-23 16:14:00

Affected Software

Linux Kernel

References

https://git.kernel.org/stable/c/d7f4fc2bc101e666da649605a9ece2bd42529c7a

https://git.kernel.org/stable/c/6699567b0bbb378600a4dc0a1f929439a4e84a2c

https://git.kernel.org/stable/c/dc9543a4f2a5498a4a12d6d2427492a6f1a28056

https://git.kernel.org/stable/c/aef6ae124bb3cc12e34430fed91fbb7efd7a444d

https://git.kernel.org/stable/c/e98dba934b2fc587eafb83f47ad64d9053b18ae0

https://git.kernel.org/stable/c/d7f4fc2bc101e666da649605a9ece2bd42529c7a

Patch

https://git.kernel.org/stable/c/6699567b0bbb378600a4dc0a1f929439a4e84a2c

Patch

https://git.kernel.org/stable/c/dc9543a4f2a5498a4a12d6d2427492a6f1a28056

Patch

https://git.kernel.org/stable/c/aef6ae124bb3cc12e34430fed91fbb7efd7a444d

Patch

https://git.kernel.org/stable/c/e98dba934b2fc587eafb83f47ad64d9053b18ae0

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.