CVE-2024-42138

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-42138

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42138.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-42138

Downstream

BELL-CVE-2024-42138

DEBIAN-CVE-2024-42138

DLA-4008-1

OESA-2024-2076

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

UBUNTU-CVE-2024-42138

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

Related

Published

2024-07-30T08:15:05Z

Modified

2025-08-09T20:01:25Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file

In case of invalid INI file mlxswlinecardtypesinit() deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred after mlxswlinecardtypesinit() call, mlxswlinecardsinit() calls mlxswlinecardtypes_fini() which performs memory deallocation again.

Add pointer reset to NULL.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages