PT-2024-7590 · Linux+6 · Linux Kernel+6

Published

2024-08-13

·

Updated

2025-09-29

·

CVE-2024-49853

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58
Description A double free vulnerability in the OPTEE transport of the Linux kernel's firmware for ARM SCMI has been resolved. The issue occurred because channels can be shared between protocols, and the same channel descriptors were being freed twice when unloading the stack. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the scmi optee chan free() function in the drivers/firmware/arm scmi/optee.c module until a patch is available. Avoid using shared channels between protocols to minimize the risk of exploitation.

Exploit

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-14046
ALT-PU-2024-14268
AZL-50978
BDU:2024-08996
CVE-2024-49853
DLA-4008-1
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2590
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu