CVE-2024-41087

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.0-rc5

Description The issue is related to a double free error in the Linux kernel's libata-core module. When the ata port alloc() call in ata host alloc() fails, it jumps to the err out label, which calls devres release group(). This triggers a call to ata host release(), which calls kfree(host). If kfree(host) is executed again in ata host alloc(), it results in a double free error. This can lead to a kernel bug and potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the double free error in the libata-core module. Specifically, versions 6.10.0-rc5 and later should include this fix. If updating is not possible, consider applying the patch manually or using a workaround provided by the Linux kernel community. As a temporary workaround, consider disabling the ata host alloc() function until a patch is available. However, this may have significant performance implications and should be used with caution.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.