cve/published/2024/CVE-2024-27433.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe()

 'clk_data' is allocated with mtk_devm_alloc_clk_data(). So calling
 mtk_free_clk_data() explicitly in the remove function would lead to a
 double-free.

 Remove the redundant call.

 The Linux kernel CVE team has assigned CVE-2024-27433 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.4 with commit c50e2ea6507bcf5a4475f821fc03dd1fdcb894a7 and fixed in 6.6.23 with commit de3340533bd68a7b3d6be1841b8eb3fa6c762fe6
 	Issue introduced in 6.4 with commit c50e2ea6507bcf5a4475f821fc03dd1fdcb894a7 and fixed in 6.7.11 with commit f3633fed984f1db106ff737a0bb52fadb2d89ac7
 	Issue introduced in 6.4 with commit c50e2ea6507bcf5a4475f821fc03dd1fdcb894a7 and fixed in 6.8.2 with commit fa761ce7a1d15cca1a306b3635f81a22b15fee5b
 	Issue introduced in 6.4 with commit c50e2ea6507bcf5a4475f821fc03dd1fdcb894a7 and fixed in 6.9 with commit a32e88f2b20259f5fe4f8eed598bbc85dc4879ed

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-27433
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/clk/mediatek/clk-mt7622-apmixedsys.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/de3340533bd68a7b3d6be1841b8eb3fa6c762fe6
 	https://git.kernel.org/stable/c/f3633fed984f1db106ff737a0bb52fadb2d89ac7
 	https://git.kernel.org/stable/c/fa761ce7a1d15cca1a306b3635f81a22b15fee5b
 	https://git.kernel.org/stable/c/a32e88f2b20259f5fe4f8eed598bbc85dc4879ed
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe()

	'clk_data' is allocated with mtk_devm_alloc_clk_data(). So calling
	mtk_free_clk_data() explicitly in the remove function would lead to a
	double-free.

	Remove the redundant call.

	The Linux kernel CVE team has assigned CVE-2024-27433 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.4 with commit c50e2ea6507bcf5a4475f821fc03dd1fdcb894a7 and fixed in 6.6.23 with commit de3340533bd68a7b3d6be1841b8eb3fa6c762fe6
	Issue introduced in 6.4 with commit c50e2ea6507bcf5a4475f821fc03dd1fdcb894a7 and fixed in 6.7.11 with commit f3633fed984f1db106ff737a0bb52fadb2d89ac7
	Issue introduced in 6.4 with commit c50e2ea6507bcf5a4475f821fc03dd1fdcb894a7 and fixed in 6.8.2 with commit fa761ce7a1d15cca1a306b3635f81a22b15fee5b
	Issue introduced in 6.4 with commit c50e2ea6507bcf5a4475f821fc03dd1fdcb894a7 and fixed in 6.9 with commit a32e88f2b20259f5fe4f8eed598bbc85dc4879ed

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-27433
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/clk/mediatek/clk-mt7622-apmixedsys.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/de3340533bd68a7b3d6be1841b8eb3fa6c762fe6
	https://git.kernel.org/stable/c/f3633fed984f1db106ff737a0bb52fadb2d89ac7
	https://git.kernel.org/stable/c/fa761ce7a1d15cca1a306b3635f81a22b15fee5b
	https://git.kernel.org/stable/c/a32e88f2b20259f5fe4f8eed598bbc85dc4879ed