CVE-2024-38627
HighIn the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free.
CVSS 3.1 score
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness type
CWE-415CVE-2024-38627 is classified as CWE-415
See CWE-415 on MITRE CWE for full details on this weakness type.
References
The following references provide additional information about CVE-2024-38627 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
-
PatchKernel patch commithttps://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20
-
PatchKernel patch commithttps://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459
-
PatchKernel patch commithttps://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247
Frequently asked questions
-
What is CVE-2024-38627?
CVE-2024-38627 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 . CVE-2024-38627 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2024-38627?
CVE-2024-38627 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. -
Is there a patch available for CVE-2024-38627?
No patch is currently available for CVE-2024-38627. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2024-38627 actively exploited?
No — CVE-2024-38627 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.