| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122829-CVE-2024-56676-0d17@gregkh> Date: Sat, 28 Dec 2024 10:45:28 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-56676: thermal: testing: Initialize some variables annoteded with _free() Description =========== In the Linux kernel, the following vulnerability has been resolved: thermal: testing: Initialize some variables annoteded with _free() Variables annotated with __free() need to be initialized if the function can return before they get updated for the first time or the attempt to free the memory pointed to by them upon function return may crash the kernel. Fix this issue in some places in the thermal testing code. The Linux kernel CVE team has assigned CVE-2024-56676 to this issue. Affected and fixed versions =========================== Issue introduced in 6.12 with commit f6a034f2df426e279f1ecad53626bab80c04796a and fixed in 6.12.2 with commit 526c132124a62be486bad1701f7e8e92212ccec6 Issue introduced in 6.12 with commit f6a034f2df426e279f1ecad53626bab80c04796a and fixed in 6.13-rc1 with commit 0104dcdaad3a7afd141e79a5fb817a92ada910ac Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-56676 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/thermal/testing/zone.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/526c132124a62be486bad1701f7e8e92212ccec6 https://git.kernel.org/stable/c/0104dcdaad3a7afd141e79a5fb817a92ada910ac
Powered by blists - more mailing lists