SB2024073191 - Double free in Linux kernel ata driver
Published: July 31, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024073191
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Double free (CVE-ID: CVE-2024-41087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2
- https://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f
- https://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe
- https://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047
- https://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5
- https://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3
- https://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76
- https://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.97
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.37