CVE-2024-26653
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26653
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26653.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-26653
- Downstream
- Published
- 2024-04-01T08:33:04Z
- Modified
- 2025-10-09T02:06:45.994184Z
- Summary
- usb: misc: ljca: Fix double free in error handling path
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: misc: ljca: Fix double free in error handling path
When auxiliarydeviceadd() returns error and then calls auxiliarydeviceuninit(), callback function ljcaauxdevrelease calls kfree(auxdev->dev.platformdata) to free the parameter data of the function ljcanewclientdevice. The callers of ljcanewclient_device shouldn't call kfree() again in the error handling path to free the platform data.
Fix this by cleaning up the redundant kfree() in all callers and adding kfree() the passed in platformdata on errors which happen before auxiliarydevice_init() succeeds .
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedacd6199f195d6de814ac4090ce0864a613b1580eFixed420babea4f1881a7c4ea22a8e218b8c6895d3f21
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedacd6199f195d6de814ac4090ce0864a613b1580eFixed8a9f653cc852677003c23ee8075e3ed8fb4743c9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedacd6199f195d6de814ac4090ce0864a613b1580eFixed7c9631969287a5366bc8e39cd5abff154b35fb80
Affected versions
v6.*
v6.6
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.11
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.9-rc1