CVE-2024-46741

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-46741
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46741.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-46741
Downstream
Related
Published
2024-09-18T07:12:02Z
Modified
2025-10-17T12:21:25.978878Z
Summary
misc: fastrpc: Fix double free of 'buf' in error path
Details

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: Fix double free of 'buf' in error path

smatch warning: drivers/misc/fastrpc.c:1926 fastrpcreqmmap() error: double free of 'buf'

In fastrpcreqmmap() error path, the fastrpc buffer is freed in fastrpcreqmunmap_impl() if unmap is successful.

But in the end, there is an unconditional call to fastrpcbuffree(). So the above case triggers the double free of fastrpc buf.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
72fa6f7820c4cf96c5f7aabc4e54bdf52d1e2ac2
Fixed
f77dc8a75859e559f3238a6d906206259227985e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
72fa6f7820c4cf96c5f7aabc4e54bdf52d1e2ac2
Fixed
bfc1704d909dc9911a558b1a5833d3d61a43a1f2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
72fa6f7820c4cf96c5f7aabc4e54bdf52d1e2ac2
Fixed
e8c276d4dc0e19ee48385f74426aebc855b49aaf

Affected versions

v6.*

v6.1
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.10.8
v6.10.9
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.51
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.10