What is CVE-2024-36940?

CVE-2024-36940 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10. CVE-2024-36940 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-36940?

CVE-2024-36940 has a CVSS score of 7.8 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2024-36940?

No patch is currently available for CVE-2024-36940. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-36940 actively exploited?

CVE-2024-36940 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-36940

High

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.

Package Linux Kernel

Published 2024-05-30

Last modified 2026-05-12

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

7.8

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-415

CVE-2024-36940 is classified as CWE-415

See CWE-415 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2024-36940 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

Mailing List
Debian Security
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mailing List
Cert-Portal
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Cert-Portal
https://cert-portal.siemens.com/productcert/html/ssa-613116.html
Kernel patch commit
https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068
Patch
Kernel patch commit
https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79
Patch

8 patch commits total View all on NVD

Details

CVE ID CVE-2024-36940

Severity High

CVSS score 7.8 / 10

CVSS version 3.1

Published 2024-05-30

Modified 2026-05-12

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-36940?

CVE-2024-36940 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 . CVE-2024-36940 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-36940?

CVE-2024-36940 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2024-36940?

No patch is currently available for CVE-2024-36940. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-36940 actively exploited?

No — CVE-2024-36940 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.