DEBIAN-CVE-2024-58003

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2024-58003

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-58003.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-58003

Upstream

CVE-2024-58003

Published

2025-02-27T03:15:11Z

Modified

2025-09-18T05:18:03Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ds90ub9x3: Fix extra fwnodehandleput() The ub913 and ub953 drivers call fwnodehandleput(priv->sd.fwnode) as part of their remove process, and if the driver is removed multiple times, eventually leads to put "overflow", possibly causing memory corruption or crash. The fwnodehandleput() is a leftover from commit 905f88ccebb1 ("media: i2c: ds90ub9x3: Fix sub-device matching"), which changed the code related to the sd.fwnode, but missed removing these fwnodehandleput() calls.

References

https://security-tracker.debian.org/tracker/CVE-2024-58003

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}