CVE-2024-42138

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42138
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42138.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42138
Downstream
Related
Published
2024-07-30T07:46:32Z
Modified
2025-10-17T09:35:31.671227Z
Summary
mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file
Details

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file

In case of invalid INI file mlxswlinecardtypesinit() deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred after mlxswlinecardtypesinit() call, mlxswlinecardsinit() calls mlxswlinecardtypes_fini() which performs memory deallocation again.

Add pointer reset to NULL.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b217127e5e4ee0ecfce7c5f84cfe082238123bda
Fixed
ab557f5cd993a3201b09593633d04b891263d5c0
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b217127e5e4ee0ecfce7c5f84cfe082238123bda
Fixed
f8b55a465b0e8a500179808166fe9420f5c091a1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b217127e5e4ee0ecfce7c5f84cfe082238123bda
Fixed
9af7437669b72f804fc4269f487528dbbed142a2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b217127e5e4ee0ecfce7c5f84cfe082238123bda
Fixed
8ce34dccbe8fa7d2ef86f2d8e7db2a9b67cabfc3

Affected versions

v5.*

v5.18
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v6.9.7
v6.9.8

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "id": "CVE-2024-42138-17bb6b06",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8ce34dccbe8fa7d2ef86f2d8e7db2a9b67cabfc3",
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlxsw/core_linecards.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "309483418095740380574759402446362187963",
                "233996730449061371866700470114420933116",
                "49858453482249557882052968106907478362",
                "289383279038616450572715082670120867907"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2024-42138-4caf643a",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8ce34dccbe8fa7d2ef86f2d8e7db2a9b67cabfc3",
        "signature_version": "v1",
        "target": {
            "function": "mlxsw_linecard_types_init",
            "file": "drivers/net/ethernet/mellanox/mlxsw/core_linecards.c"
        },
        "digest": {
            "function_hash": "129613648152532615144905163562787268751",
            "length": 1357.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2024-42138-54988e91",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9af7437669b72f804fc4269f487528dbbed142a2",
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlxsw/core_linecards.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "309483418095740380574759402446362187963",
                "233996730449061371866700470114420933116",
                "49858453482249557882052968106907478362",
                "289383279038616450572715082670120867907"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2024-42138-58067005",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9af7437669b72f804fc4269f487528dbbed142a2",
        "signature_version": "v1",
        "target": {
            "function": "mlxsw_linecard_types_init",
            "file": "drivers/net/ethernet/mellanox/mlxsw/core_linecards.c"
        },
        "digest": {
            "function_hash": "129613648152532615144905163562787268751",
            "length": 1357.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2024-42138-70be42e2",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab557f5cd993a3201b09593633d04b891263d5c0",
        "signature_version": "v1",
        "target": {
            "function": "mlxsw_linecard_types_init",
            "file": "drivers/net/ethernet/mellanox/mlxsw/core_linecards.c"
        },
        "digest": {
            "function_hash": "129613648152532615144905163562787268751",
            "length": 1357.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2024-42138-72507674",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f8b55a465b0e8a500179808166fe9420f5c091a1",
        "signature_version": "v1",
        "target": {
            "function": "mlxsw_linecard_types_init",
            "file": "drivers/net/ethernet/mellanox/mlxsw/core_linecards.c"
        },
        "digest": {
            "function_hash": "129613648152532615144905163562787268751",
            "length": 1357.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2024-42138-75e86fa9",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f8b55a465b0e8a500179808166fe9420f5c091a1",
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlxsw/core_linecards.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "309483418095740380574759402446362187963",
                "233996730449061371866700470114420933116",
                "49858453482249557882052968106907478362",
                "289383279038616450572715082670120867907"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2024-42138-bd1b400c",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab557f5cd993a3201b09593633d04b891263d5c0",
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlxsw/core_linecards.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "309483418095740380574759402446362187963",
                "233996730449061371866700470114420933116",
                "49858453482249557882052968106907478362",
                "289383279038616450572715082670120867907"
            ]
        },
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
6.1.98
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.39
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.9