Huawei EulerOS: CVE-2024-36940: kernel security update

Huawei EulerOS: CVE-2024-36940: kernel security update

Severity

7

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

05/30/2024

Created

10/09/2024

Added

10/08/2024

Modified

01/30/2025

Description

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.

Solution(s)

• huawei-euleros-2_0_sp9-upgrade-kernel
• huawei-euleros-2_0_sp9-upgrade-kernel-tools
• huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs
• huawei-euleros-2_0_sp9-upgrade-python3-perf

References

• https://attackerkb.com/topics/cve-2024-36940
• CVE - 2024-36940
• EulerOS-SA-2024-2394