CVE-2024-42138

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42138
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42138.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42138
Downstream
Related
Published
2024-07-30T07:46:32.611Z
Modified
2025-11-28T02:34:40.872417Z
Summary
mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file
Details

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file

In case of invalid INI file mlxswlinecardtypesinit() deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred after mlxswlinecardtypesinit() call, mlxswlinecardsinit() calls mlxswlinecardtypes_fini() which performs memory deallocation again.

Add pointer reset to NULL.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42138.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b217127e5e4ee0ecfce7c5f84cfe082238123bda
Fixed
ab557f5cd993a3201b09593633d04b891263d5c0
Fixed
f8b55a465b0e8a500179808166fe9420f5c091a1
Fixed
9af7437669b72f804fc4269f487528dbbed142a2
Fixed
8ce34dccbe8fa7d2ef86f2d8e7db2a9b67cabfc3

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
6.1.98
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.39
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.9