Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2024-26866
HistoryApr 17, 2024 - 12:00 a.m.

CVE-2024-26866

2024-04-1700:00:00
ubuntu.com
ubuntu.com
7
linux kernel
vulnerability
spi: lpspi
use-after-free
fsl_lpspi_probe()
memory
error
probe()

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved: spi:
lpspi: Avoid potential use-after-free in probe() fsl_lpspi_probe() is
allocating/disposing memory manually with
spi_alloc_host()/spi_alloc_target(), but uses
devm_spi_register_controller(). In case of error after the latter call the
memory will be explicitly freed in the probe function by
spi_controller_put() call, but used afterwards by “devm” management outside
probe() (spi_unregister_controller() <- devm_spi_unregister() below).
Unable to handle kernel NULL pointer dereference at virtual address
0000000000000070 … Call trace: kernfs_find_ns kernfs_find_and_get_ns
sysfs_remove_group sysfs_remove_groups device_remove_attrs device_del
spi_unregister_controller devm_spi_unregister release_nodes
devres_release_all really_probe driver_probe_device __device_attach_driver
bus_for_each_drv __device_attach device_initial_probe bus_probe_device
deferred_probe_work_func process_one_work worker_thread kthread
ret_from_fork

Related

redhatcve 1
cve 1
cvelist 1
nvd 1
debiancve 1
vulnrichment 1
openvas 6
nessus 7
osv 4
ubuntu 5
redhatcve
redhatcve
CVE-2024-26866
2024-04-17 19:28:51
cve
cve
CVE-2024-26866
2024-04-17 11:15:09
cvelist
cvelist
CVE-2024-26866 spi: lpspi: Avoid potential use-after-free in probe()
2024-04-17 10:27:28
nvd
nvd
CVE-2024-26866
2024-04-17 11:15:09
debiancve
debiancve
CVE-2024-26866
2024-04-17 11:15:09
vulnrichment
vulnrichment
CVE-2024-26866 spi: lpspi: Avoid potential use-after-free in probe()
2024-04-17 10:27:28
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1644-1)
2024-05-24 00:00:00
Ubuntu: Security Advisory (USN-6817-3)
2024-06-17 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1659-1)
2024-05-24 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
2024-05-15 00:00:00
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-1)
2024-06-07 00:00:00
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)
2024-06-14 00:00:00
osv
osv
linux-aws, linux-gcp vulnerabilities
2024-06-07 18:49:30
linux-azure, linux-gke vulnerabilities
2024-06-14 17:24:38
linux-oem-6.8 vulnerabilities
2024-06-10 19:28:08
ubuntu
ubuntu
Linux kernel (Oracle) vulnerabilities
2024-07-04 00:00:00
Linux kernel vulnerabilities
2024-06-07 00:00:00
Linux kernel vulnerabilities
2024-06-14 00:00:00

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON
Related for UB:CVE-2024-26866
redhatcve1cve1cvelist1nvd1debiancve1vulnrichment1openvas6nessus7osv4ubuntu5