CVE-2024-56676

In the Linux kernel, the following vulnerability has been resolved: thermal: testing: Initialize some variables annoteded with _free() Variables annotated with __free() need to be initialized if the function can return before they get updated for the first time or the attempt to free the memory pointed to by them upon function return may crash the kernel. Fix this issue in some places in the thermal testing code.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0104dcdaad3a7afd141e79a5fb817a92ada910ac	Patch
https://git.kernel.org/stable/c/526c132124a62be486bad1701f7e8e92212ccec6	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-28 10:15

Updated : 2025-09-26 20:29

NVD link : CVE-2024-56676

Mitre link : CVE-2024-56676

CVE.ORG link : CVE-2024-56676

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-909

Missing Initialization of Resource

{"id": "CVE-2024-56676", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-12-28T10:15:06.113", "references": [{"url": "https://git.kernel.org/stable/c/0104dcdaad3a7afd141e79a5fb817a92ada910ac", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/526c132124a62be486bad1701f7e8e92212ccec6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-909"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: testing: Initialize some variables annoteded with _free()\n\nVariables annotated with __free() need to be initialized if the function\ncan return before they get updated for the first time or the attempt to\nfree the memory pointed to by them upon function return may crash the\nkernel.\n\nFix this issue in some places in the thermal testing code."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: thermal: testing: Initialize some variables annotated with _free() Las variables anotadas con __free() deben inicializarse si la funci\u00f3n puede regresar antes de que se actualicen por primera vez o el intento de liberar la memoria a la que apuntan al regresar la funci\u00f3n puede hacer que el kernel se bloquee. Corrija este problema en algunos lugares del c\u00f3digo de pruebas t\u00e9rmicas."}], "lastModified": "2025-09-26T20:29:18.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}