CVE-2024-55639

MEDIUM5.5

net: renesas: rswitch: avoid use-after-put for a device tree node

Published Jan 11, 2025

Modified 11 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

net: renesas: rswitch: avoid use-after-put for a device tree node

The device tree node saved in the rswitch_device structure is used at several driver locations. So passing this node to of_node_put() after the first use is wrong.

Move of_node_put() for this node to exit paths.

References

WEB

https://git.kernel.org/stable/c/66b7e9f85b8459c823b11e9af69dbf4be5eb6be8

WEB

https://git.kernel.org/stable/c/92007a28f95413058a7268dc84e5f44b700165d1

WEB

https://git.kernel.org/stable/c/bf8c6755f02029d1eddc3ff19b870240f054afc7

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-55639

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedJan 11, 2025

ModifiedMay 4, 2025

CVE-2024-55639 | Mondoo Vulnerability Intelligence