PT-2025-9937 · Linux+6 · Linux Kernel+6

Published

2024-11-22

·

Updated

2026-04-20

·

CVE-2024-58056

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version where the fix for the remoteproc core issue is included
Description A vulnerability in the Linux kernel's remoteproc core has been identified. The issue arises in the rproc alloc() function when an error occurs before ida alloc is called, leading to the rproc type release() function being called with an uninitialized rproc->index. This results in a warning when ida free is called for an unallocated id. The vulnerability is related to the rproc alloc() function and the rproc type release() function, specifically the ida free() call.
Recommendations For Linux kernel versions prior to the fixed version, consider applying the patch that fixes the remoteproc core issue to prevent the ida free call while not allocated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2025-02442
CVE-2024-58056
DLA-4102-1
OESA-2025-1339
OESA-2025-1340
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7651-1
USN-7651-2
USN-7651-3
USN-7651-4
USN-7651-5
USN-7651-6
USN-7652-1
USN-7653-1
USN-7737-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu