PT-2024-3469 · Linux · Linux Kernel

Published: 2024-03-26 · Updated: 2025-01-14 · CVE-2024-26653

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is a double free in the Linux kernel's USB subsystem, specifically in the ljca driver module. When auxiliary_device_add() returns an error and then calls auxiliary_device_uninit(), the release callback ljca_auxdev_release frees the platform data that was passed to ljca_new_client_device() via kfree(auxdev->dev.platform_data). The callers of ljca_new_client_device() must therefore not call kfree() on that platform data again in their error handling paths, because the second kfree() on the same allocation is the double free. The fix removes the redundant kfree() calls from all callers and adds a kfree() of the passed-in platform data inside ljca_new_client_device() for errors that occur before auxiliary_device_init() succeeds, since on those paths the release callback is never invoked.
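The ownership rule the fix establishes, shown as an added user-space model that is not the ljca driver's code: platform data handed to the new-client-device routine is freed exactly once on every path, by the callee when init fails and by the release callback once add() has run, so the patched callers free nothing on error. All function and struct names are stand-ins for the kernel routines named above, and the failure injection is constructed for the demonstration.

```c
#include <errno.h>
#include <stdlib.h>
/* Constructed user-space model of the ownership rule behind the fix: pdata is freed
 * exactly once on every path, by the callee or its release callback, never by the
 * caller. Names mirror the kernel ones but are stand-ins, not the ljca driver's code. */
enum fail_point { FAIL_NONE, FAIL_INIT, FAIL_ADD };
struct platform_data { int id; };
struct auxdev { struct platform_data *platform_data; };
static int frees_observed;   /* how many times the platform data was freed in a run */
static void pdata_free(struct platform_data *p) { free(p); frees_observed++; }

/* Stand-in for ljca_auxdev_release(): run by auxiliary_device_uninit(), also after add() fails. */
static void auxdev_release(struct auxdev *dev)
{
    pdata_free(dev->platform_data);
    dev->platform_data = NULL;
}

/* Stand-in for auxiliary_device_add(): on failure it uninit()s, which runs release(). */
static int auxdev_add(struct auxdev *dev, enum fail_point fp)
{
    if (fp != FAIL_ADD) return 0;
    auxdev_release(dev);
    return -ENODEV;
}

/* Stand-in for ljca_new_client_device(): takes ownership of pdata on every path. */
static int new_client_device(struct auxdev *dev, struct platform_data *pdata, enum fail_point fp)
{
    dev->platform_data = pdata;
    /* auxiliary_device_init() stand-in: until it succeeds no release callback exists */
    int ret = (fp == FAIL_INIT) ? -EINVAL : 0;
    if (ret) {
        pdata_free(pdata);   /* added by the fix: init failed, so release() will never run */
        return ret;
    }
    return auxdev_add(dev, fp);   /* if add fails, release() has already freed pdata */
}

/* Caller as patched: no kfree() in its error path. Returns the number of frees seen. */
int run_scenario(enum fail_point fp)
{
    struct auxdev dev = { 0 };
    struct platform_data *pdata = malloc(sizeof(*pdata));
    if (!pdata) return -1;
    frees_observed = 0;
    if (new_client_device(&dev, pdata, fp) == 0)
        auxdev_release(&dev);   /* normal teardown frees it exactly once */
    return frees_observed;
}
```

Every scenario reports one free; with the pre-fix callers, the FAIL_ADD path would free the same allocation a second time.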
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Weakness Enumeration

Related Identifiers

BDU:2024-03759
CVE-2024-26653
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu