CVE-2024-46673

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a double-free vulnerability in the Linux kernel's scsi: aacraid module. The aac probe one() function calls hardware-specific init functions through the aac driver ident::init pointer, which eventually call down to aac init adapter(). If aac init adapter() fails after allocating memory for aac dev::queues, it frees the memory but does not clear that member. After the hardware-specific init function returns an error, aac probe one() goes down an error path that frees the memory pointed to by aac dev::queues, resulting in a double-free. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.