PT-2024-37009 · Linux+3 · Linux Kernel+3

Published

2024-11-25

Updated

2025-08-20

CVE-2024-56699

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential double removal issue in the s390/pci hotplug slot has been identified. The issue arises from the zpci release device() function, which is only called when all references are dropped, but contains code to handle devices in both configured and standby states. This could lead to a double removal of the hotplug slot if a device is removed in either state. The issue has been resolved by adding a WARN ON() check to prevent devices in non-reserved states from being released and removing dead code cases.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2026-03543

CVE-2024-56699

SUSE-SU-2025:02249-1

SUSE-SU-2025:02254-1

SUSE-SU-2025:02307-1

SUSE-SU-2025:02333-1

SUSE-SU-2025:02335-1

SUSE-SU-2025:02538-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:20475-1

SUSE-SU-2025:20483-1

SUSE-SU-2025:20493-1

SUSE-SU-2025:20498-1

SUSE-SU-2025_02249-1

SUSE-SU-2025_02254-1

SUSE-SU-2025_02307-1

SUSE-SU-2025_02333-1

SUSE-SU-2025_02335-1

SUSE-SU-2025_02538-1

USN-7276-1

USN-7277-1

USN-7310-1

Affected Products

Linuxmint

Linux Kernel

Suse

Ubuntu

PT-2024-37009 · Linux+3 · Linux Kernel+3

CVE-2024-56699

Weakness Enumeration

Related Identifiers

Affected Products

References · 1873