PT-2025-3313 · Linux+6 · Linux Kernel+6

Dan Carpenter +2 · Published 2024-12-05 · Updated 2025-04-21 · CVE-2024-56766

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74

Description
A double free vulnerability was found in the Linux kernel's mtd: rawnand module, specifically in the atmel_pmecc_create_user() function. The "user" pointer was converted from being allocated with kzalloc() to being allocated with devm_kzalloc(), so calling kfree(user) leads to a double free.

Recommendations
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the atmel_pmecc_create_user() function until a patch is available.
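
The double free described above, modelled in userspace C as an added example (not kernel code and not part of the original advisory). The model_* helpers and create_user_releases() are hypothetical stand-ins, the failure after allocation is an assumption, and releases are counted rather than performed.

```c
#include <stddef.h>
#include <string.h>

/* Userspace model (constructed): each block counts how often it is released. */
struct block { int releases; char data[32]; };
static struct block pool[8];
static int pool_used;

/* Model of a device: remembers every devm-managed allocation it owns. */
struct device { struct block *managed[4]; int n; };

static void model_kfree(void *p)
{
    struct block *b = (struct block *)((char *)p - offsetof(struct block, data));
    b->releases++;                  /* the kernel would free here; we only count */
}

static void *model_devm_kzalloc(struct device *dev)
{
    struct block *b = &pool[pool_used++];
    memset(b, 0, sizeof(*b));
    dev->managed[dev->n++] = b;     /* ownership passes to the device */
    return b->data;
}

/* Runs when the driver detaches or probe fails: releases all managed memory. */
static void model_devres_release_all(struct device *dev)
{
    for (int i = 0; i < dev->n; i++)
        model_kfree(dev->managed[i]->data);
    dev->n = 0;
}

/* Hypothetical create function that fails after the allocation.
 * manual_free=1 models the bug (leftover kfree), 0 models the fix. */
static int create_user_releases(int manual_free)
{
    struct device dev = { .n = 0 };
    char *user = model_devm_kzalloc(&dev);
    struct block *b = (struct block *)(user - offsetof(struct block, data));

    if (manual_free)
        model_kfree(user);          /* first release, by the error path */
    model_devres_release_all(&dev); /* release by the device-managed cleanup */
    return b->releases;             /* 2 = double free, 1 = correct */
}

int main(void)
{
    return !(create_user_releases(1) == 2 && create_user_releases(0) == 1);
}
```

When reviewing a kzalloc() to devm_kzalloc() conversion, check every error and teardown path for a leftover kfree() on the converted pointer.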

Exploit

Fix

Double Free

Weakness Enumeration

Related Identifiers

ALT-PU-2025-1256
ALT-PU-2025-1288
ALT-PU-2025-1925
ALT-PU-2025-3483
ALT-PU-2025-3496
AZL-55303
AZL-56544
BDU:2025-02837
CVE-2024-56766
DLA-4075-1
DLA-4076-1
MGASA-2025-0030
MGASA-2025-0032
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1

Affected Products

Alt Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu