PT-2024-21620 · Linux+4 · Linux Kernel+4

Published

2024-03-06

Updated

2025-03-28

CVE-2024-27027

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue arises when there are multiple registrations of the same pin on the same dpll device, resulting in warnings. The problem is that in both dpll xa ref dpll del() and dpll xa ref pin del() functions, registration is only removed from the list when the reference count drops to zero, which is incorrect. The registration should be removed always. To fix this, the registration should be removed from the list and freed unconditionally.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-08091

CVE-2024-27027

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20249-1

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

PT-2024-21620 · Linux+4 · Linux Kernel+4

CVE-2024-27027

Weakness Enumeration

Related Identifiers

Affected Products

References · 3024