PT-2025-3629 · Linux+6 · Linux Kernel+6

Published

2024-12-07

·

Updated

2025-10-31

·

CVE-2024-57904

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74
Description The issue is related to the Linux kernel, specifically the iio: adc: at91 module. The current implementation of at91 ts register() calls input free deivce() on st->ts input. However, the err label can be reached before the allocated iio dev is stored to st->ts input, thus requiring a call to input free device() on input instead of st->ts input.
Recommendations For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider modifying the at91 ts register() function to call input free device() on the allocated iio dev instead of st->ts input.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2025-06454
CVE-2024-57904
DLA-4075-1
DLA-4076-1
DSA-5860-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1159
OESA-2025-1160
OESA-2025-2554
OESA-2025-2555
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7391-1
USN-7392-1
USN-7392-2
USN-7392-3
USN-7392-4
USN-7393-1
USN-7401-1
USN-7407-1
USN-7413-1
USN-7421-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7463-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu