Linux · Linux Kernel · CVE-2024-36959
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.37
Description:
The issue is a reference count leak in the `pinctrl_dt_to_map()` function. If the allocation of the `propname` buffer fails, the reference count is not dropped, which can lead to a leak. The `pinctrl_dt_free_maps()` function includes the dropping operation, so it is called directly to fix the issue. This problem can allow an attacker to access confidential information.
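The error path described above, as an added example that is not the kernel's own code: a simplified user-space model in which a reference is taken, a buffer allocation is forced to fail, and the early return either skips or goes through the cleanup routine. All names (`struct node`, `node_get`, `free_maps`, `dt_to_map_leaky`, `dt_to_map_fixed`, `alloc_propname`) are hypothetical stand-ins.

```c
/* Simplified user-space model, not kernel code; all names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct node { int refcount; };
static void node_get(struct node *n) { n->refcount++; }
static void node_put(struct node *n) { n->refcount--; }
/* Cleanup routine: tears down map state and drops the node reference. */
static void free_maps(struct node *n) { node_put(n); }
/* Buffer allocation with a switch to force failure (constructed). */
static char *alloc_propname(int fail) { return fail ? NULL : calloc(1, 32); }

/* Leaky shape: the early return skips the reference drop. */
static int dt_to_map_leaky(struct node *n, int fail)
{
    node_get(n);
    char *propname = alloc_propname(fail);
    if (!propname)
        return -ENOMEM;    /* reference taken above is never released */
    free(propname);
    return 0;              /* success: reference held until free_maps() */
}

/* Fixed shape: the failure path goes through the cleanup routine. */
static int dt_to_map_fixed(struct node *n, int fail)
{
    node_get(n);
    char *propname = alloc_propname(fail);
    if (!propname) {
        free_maps(n);      /* drops the reference before returning */
        return -ENOMEM;
    }
    free(propname);
    return 0;
}

/* Reference count left behind after one failed call. */
static int refs_after_failure(int (*fn)(struct node *, int))
{
    struct node n = { 0 };
    fn(&n, 1);
    return n.refcount;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", refs_after_failure(dt_to_map_leaky), refs_after_failure(dt_to_map_fixed));
    return 0;
}
```

Each failed call through the leaky shape leaves one reference outstanding, so the counted object can never reach zero and be released.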
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.37 or later.
As a temporary workaround, consider restricting access to the `pinctrl_dt_to_map()` function until a patch is available.