Linux · Linux Kernel · CVE-2024-46673
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue is related to a double-free vulnerability in the Linux kernel's scsi: aacraid module. The `aac probe one()` function calls hardware-specific init functions through the `aac driver ident::init` pointer, which eventually call down to `aac init adapter()`. If `aac init adapter()` fails after allocating memory for `aac dev::queues`, it frees the memory but does not clear that member. After the hardware-specific init function returns an error, `aac probe one()` goes down an error path that frees the memory pointed to by `aac dev::queues`, resulting in a double-free. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.