In the Linux kernel, the following vulnerability has been resolved:
pinctrl: core: delete incorrect free in pinctrl_enable()
The “pctldev” struct is allocated in devm_pinctrl_register_and_init().
It’s a devm_ managed pointer that is freed by devm_pinctrl_dev_release(),
so freeing it in pinctrl_enable() will lead to a double free.
The devm_pinctrl_dev_release() function frees the pindescs and destroys
the mutex as well.
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/pinctrl/core.c"
],
"versions": [
{
"version": "6118714275f0",
"lessThan": "735f4c6b6771",
"status": "affected",
"versionType": "git"
},
{
"version": "6118714275f0",
"lessThan": "cdaa171473d9",
"status": "affected",
"versionType": "git"
},
{
"version": "6118714275f0",
"lessThan": "288bc4aa75f1",
"status": "affected",
"versionType": "git"
},
{
"version": "6118714275f0",
"lessThan": "41f88ef8ba38",
"status": "affected",
"versionType": "git"
},
{
"version": "6118714275f0",
"lessThan": "ac7d65795827",
"status": "affected",
"versionType": "git"
},
{
"version": "6118714275f0",
"lessThan": "558c8039fdf5",
"status": "affected",
"versionType": "git"
},
{
"version": "6118714275f0",
"lessThan": "f9f1e321d53e",
"status": "affected",
"versionType": "git"
},
{
"version": "6118714275f0",
"lessThan": "5038a66dad01",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/pinctrl/core.c"
],
"versions": [
{
"version": "4.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.11",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.314",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.276",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.217",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.159",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.91",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]
git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068
git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca
git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79
git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c
git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d
git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e
git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd
git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba
lists.debian.org/debian-lts-announce/2024/06/msg00019.html
lists.debian.org/debian-lts-announce/2024/06/msg00020.html