DEBIAN-CVE-2024-26653

Source
https://security-tracker.debian.org/tracker/CVE-2024-26653
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-26653.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-26653
Upstream
Published
2024-04-01T09:15:51Z
Modified
2025-09-25T22:40:25Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: misc: ljca: Fix double free in error handling path

When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function ljca_auxdev_release calls kfree(auxdev->dev.platform_data) to free the parameter data of the function ljca_new_client_device. The callers of ljca_new_client_device shouldn't call kfree() again in the error handling path to free the platform data.

Fix this by cleaning up the redundant kfree() in all callers and adding kfree() the passed in platform_data on errors which happen before auxiliary_device_init() succeeds.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.7.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.7.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}