CVE-2024-56573

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-56573
In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation that should be freed when cleaning up after a failure, so pass this instead to free_pool().

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/06d39d79cbd5a91a33707951ebf2512d0e759847 Patch
https://git.kernel.org/stable/c/d173aee5709bd0994d216d60589ec67f8b11376a Patch
https://git.kernel.org/stable/c/eaafbcf0a5782ae412ca7de12ef83fc48ccea4cf Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

07 Oct 2025, 18:23

Type Values Removed Values Added
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-763
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efi/libstub: Liberar puntero correcto en caso de falla cmdline_ptr es un parámetro de salida, que no es asignado por la función en sí, y probablemente apunta a la pila del llamador. cmdline se refiere a la asignación del grupo que se debe liberar al limpiar después de una falla, así que páselo en su lugar a free_pool().
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/06d39d79cbd5a91a33707951ebf2512d0e759847 - () https://git.kernel.org/stable/c/06d39d79cbd5a91a33707951ebf2512d0e759847 - Patch
References () https://git.kernel.org/stable/c/d173aee5709bd0994d216d60589ec67f8b11376a - () https://git.kernel.org/stable/c/d173aee5709bd0994d216d60589ec67f8b11376a - Patch
References () https://git.kernel.org/stable/c/eaafbcf0a5782ae412ca7de12ef83fc48ccea4cf - () https://git.kernel.org/stable/c/eaafbcf0a5782ae412ca7de12ef83fc48ccea4cf - Patch

27 Dec 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-27 15:15

Updated : 2025-10-07 18:23

NVD link : CVE-2024-56573

Mitre link : CVE-2024-56573

CVE.ORG link : CVE-2024-56573

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-763

Release of Invalid Pointer or Reference