CVE-2024-58003

Source
https://cve.org/CVERecord?id=CVE-2024-58003
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-58003.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-58003
Published
2025-02-27T02:12:00.834Z
Modified
2026-03-11T05:29:50.147989Z
Summary
media: i2c: ds90ub9x3: Fix extra fwnode_handle_put()
Details

In the Linux kernel, the following vulnerability has been resolved:

media: i2c: ds90ub9x3: Fix extra fwnode_handle_put()

The ub913 and ub953 drivers call fwnode_handle_put(priv->sd.fwnode) as part of their remove process, and if the driver is removed multiple times, eventually leads to put "overflow", possibly causing memory corruption or crash.

The fwnode_handle_put() is a leftover from commit 905f88ccebb1 ("media: i2c: ds90ub9x3: Fix sub-device matching"), which changed the code related to the sd.fwnode, but missed removing these fwnode_handle_put() calls.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/58xxx/CVE-2024-58003.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
905f88ccebb14e42bcd19455b0d9c0d4808f1897
Fixed
474d7baf91d37bc411fa60de5bbf03c9dd82e18a
Fixed
f4e4373322f8d4c19721831f7fb989e52d30dab0
Fixed
70743d6a8b256225675711e7983825f1be86062d
Fixed
60b45ece41c5632a3a3274115a401cb244180646

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-58003.json"