| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.5 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.8.9. This vulnerability affects the function pinctrl_enable. The manipulation leads to double free.
This vulnerability is uniquely identified as CVE-2024-36940. No exploit exists.
It is advisable to upgrade the affected component.
Details
A vulnerability was found in Linux Kernel up to 6.8.9. It has been rated as problematic. This issue affects the function pinctrl_enable. The manipulation with an unknown input leads to a double free vulnerability. Using CWE to declare the problem leads to CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. The impact remains unknown. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.
It is possible to read the advisory at git.kernel.org. The identification of this vulnerability is CVE-2024-36940 since 05/30/2024. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 01/11/2025).
The vulnerability scanner Nessus provides a plugin with the ID 209785 (EulerOS Virtualization 2.12.0 : kernel (EulerOS-SA-2024-2781)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 4.19.314, 5.4.276, 5.10.217, 5.15.159, 6.1.91, 6.6.31 or 6.8.10 eliminates this vulnerability. Applying the patch 735f4c6b6771/cdaa171473d9/288bc4aa75f1/41f88ef8ba38/ac7d65795827/558c8039fdf5/f9f1e321d53e/5038a66dad01 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the vulnerability database at Tenable (209785). Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
- 4.19.313
- 5.4.275
- 5.10.216
- 5.15.158
- 6.1.0
- 6.1.1
- 6.1.2
- 6.1.3
- 6.1.4
- 6.1.5
- 6.1.6
- 6.1.7
- 6.1.8
- 6.1.9
- 6.1.10
- 6.1.11
- 6.1.12
- 6.1.13
- 6.1.14
- 6.1.15
- 6.1.16
- 6.1.17
- 6.1.18
- 6.1.19
- 6.1.20
- 6.1.21
- 6.1.22
- 6.1.23
- 6.1.24
- 6.1.25
- 6.1.26
- 6.1.27
- 6.1.28
- 6.1.29
- 6.1.30
- 6.1.31
- 6.1.32
- 6.1.33
- 6.1.34
- 6.1.35
- 6.1.36
- 6.1.37
- 6.1.38
- 6.1.39
- 6.1.40
- 6.1.41
- 6.1.42
- 6.1.43
- 6.1.44
- 6.1.45
- 6.1.46
- 6.1.47
- 6.1.48
- 6.1.49
- 6.1.50
- 6.1.51
- 6.1.52
- 6.1.53
- 6.1.54
- 6.1.55
- 6.1.56
- 6.1.57
- 6.1.58
- 6.1.59
- 6.1.60
- 6.1.61
- 6.1.62
- 6.1.63
- 6.1.64
- 6.1.65
- 6.1.66
- 6.1.67
- 6.1.68
- 6.1.69
- 6.1.70
- 6.1.71
- 6.1.72
- 6.1.73
- 6.1.74
- 6.1.75
- 6.1.76
- 6.1.77
- 6.1.78
- 6.1.79
- 6.1.80
- 6.1.81
- 6.1.82
- 6.1.83
- 6.1.84
- 6.1.85
- 6.1.86
- 6.1.87
- 6.1.88
- 6.1.89
- 6.1.90
- 6.6.0
- 6.6.1
- 6.6.2
- 6.6.3
- 6.6.4
- 6.6.5
- 6.6.6
- 6.6.7
- 6.6.8
- 6.6.9
- 6.6.10
- 6.6.11
- 6.6.12
- 6.6.13
- 6.6.14
- 6.6.15
- 6.6.16
- 6.6.17
- 6.6.18
- 6.6.19
- 6.6.20
- 6.6.21
- 6.6.22
- 6.6.23
- 6.6.24
- 6.6.25
- 6.6.26
- 6.6.27
- 6.6.28
- 6.6.29
- 6.6.30
- 6.8.0
- 6.8.1
- 6.8.2
- 6.8.3
- 6.8.4
- 6.8.5
- 6.8.6
- 6.8.7
- 6.8.8
- 6.8.9
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.6VulDB Meta Temp Score: 6.5
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Double freeCWE: CWE-415 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 209785
Nessus Name: EulerOS Virtualization 2.12.0 : kernel (EulerOS-SA-2024-2781)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 4.19.314/5.4.276/5.10.217/5.15.159/6.1.91/6.6.31/6.8.10
Patch: 735f4c6b6771/cdaa171473d9/288bc4aa75f1/41f88ef8ba38/ac7d65795827/558c8039fdf5/f9f1e321d53e/5038a66dad01
Timeline
05/30/2024 🔍05/30/2024 🔍
05/30/2024 🔍
01/11/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2024-36940 (🔍)
GCVE (CVE): GCVE-0-2024-36940
GCVE (VulDB): GCVE-100-266687
Entry
Created: 05/30/2024 19:07Updated: 01/11/2025 00:51
Changes: 05/30/2024 19:07 (56), 10/28/2024 02:13 (3), 01/11/2025 00:51 (12)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.

No comments yet. Languages: en.
Please log in to comment.