CVE-2024-57904

In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/028a1ba8e3bae593d701aee4f690ce7c195b67d6	Patch
https://git.kernel.org/stable/c/09e067e3c83e0695d338e8a26916e3c2bc44be02	Patch
https://git.kernel.org/stable/c/25ef52f1c15db67d890b80203a911b9a57b0bf71	Patch
https://git.kernel.org/stable/c/ac8d932e3214c10ec641ad45a253929a596ead62	Patch
https://git.kernel.org/stable/c/b549c90bfe66f704878aa1e57b30ba15dab71935	Patch
https://git.kernel.org/stable/c/d115b7f3ddc03b38bb7e8754601556fe9b4fc034	Patch
https://git.kernel.org/stable/c/de6a73bad1743e9e81ea5a24c178c67429ff510b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc6::::::

History

16 Oct 2025, 19:53

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/028a1ba8e3bae593d701aee4f690ce7c195b67d6 -~~	() https://git.kernel.org/stable/c/028a1ba8e3bae593d701aee4f690ce7c195b67d6 - Patch
References	~~() https://git.kernel.org/stable/c/09e067e3c83e0695d338e8a26916e3c2bc44be02 -~~	() https://git.kernel.org/stable/c/09e067e3c83e0695d338e8a26916e3c2bc44be02 - Patch
References	~~() https://git.kernel.org/stable/c/25ef52f1c15db67d890b80203a911b9a57b0bf71 -~~	() https://git.kernel.org/stable/c/25ef52f1c15db67d890b80203a911b9a57b0bf71 - Patch
References	~~() https://git.kernel.org/stable/c/ac8d932e3214c10ec641ad45a253929a596ead62 -~~	() https://git.kernel.org/stable/c/ac8d932e3214c10ec641ad45a253929a596ead62 - Patch
References	~~() https://git.kernel.org/stable/c/b549c90bfe66f704878aa1e57b30ba15dab71935 -~~	() https://git.kernel.org/stable/c/b549c90bfe66f704878aa1e57b30ba15dab71935 - Patch
References	~~() https://git.kernel.org/stable/c/d115b7f3ddc03b38bb7e8754601556fe9b4fc034 -~~	() https://git.kernel.org/stable/c/d115b7f3ddc03b38bb7e8754601556fe9b4fc034 - Patch
References	~~() https://git.kernel.org/stable/c/de6a73bad1743e9e81ea5a24c178c67429ff510b -~~	() https://git.kernel.org/stable/c/de6a73bad1743e9e81ea5a24c178c67429ff510b - Patch
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc2::::::
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Linux Linux linux Kernel

02 Feb 2025, 11:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/ac8d932e3214c10ec641ad45a253929a596ead62 - () https://git.kernel.org/stable/c/b549c90bfe66f704878aa1e57b30ba15dab71935 -

23 Jan 2025, 17:15

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: adc: at91: llamar a input_free_device() en iio_dev asignado La implementación actual de at91_ts_register() llama a input_free_deivce() en st->ts_input, sin embargo, se puede llegar a la etiqueta err antes de que el iio_dev asignado se almacene en st->ts_input. Por lo tanto, se llama a input_free_device() en la entrada en lugar de a st->ts_input.
References		() https://git.kernel.org/stable/c/028a1ba8e3bae593d701aee4f690ce7c195b67d6 -

19 Jan 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-19 12:15

Updated : 2025-10-16 19:53

NVD link : CVE-2024-57904

Mitre link : CVE-2024-57904

CVE.ORG link : CVE-2024-57904

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

7.8 /10