发布时间: 2024年10月12日
修改时间: 2024年10月14日
In the Linux kernel, the following vulnerability has been resolved:usb: dwc3: st: fix probed platform device ref count on probe error pathThe probe function never performs any paltform device allocation, thuserror path undo_platform_dev_alloc is entirely bogus. It drops thereference count from the platform device being probed. If error path istriggered, this will lead to unbalanced device reference counts andpremature release of device resources, thus possible use-after-free whenreleasing remaining devm-managed resources.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Local | Local |
| CVSS评分 | 7.8 | 7.8 |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-4876 | kernel security update | 2025年2月17日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5 | kernel | Fixed |
| KY3.5.2 | kernel | Fixed |
| KY3.5.3 | kernel | Fixed |
| V6 | kernel | Fixed |
