PT-2024-8855 · Linux+9 · Linux Kernel+9
Guanrui Huang
·
Published
2024-04-25
·
Updated
2025-09-29
·
CVE-2024-35847
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to a double free error in the irqchip/gic-v3-its component of the Linux kernel. This error occurs when the
its vpe init() function fails after successfully allocating at least one interrupt, causing the its vpe irq domain alloc() function to free the area bitmap and the vprop page again. The error handling path in its vpe irq domain alloc() causes this double free. To fix this, the its vpe irq domain free() function is unconditionally invoked to handle all cases correctly, and the bitmap/vprop page freeing is removed from its vpe irq domain alloc(). This vulnerability may allow an attacker to cause a denial of service.Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Double Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu