CVE-2024-50071: pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func()

Description

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func()

'new_map' is allocated using devm_* which takes care of freeing the
allocated data on device removal, call to

.dt_free_map = pinconf_generic_dt_free_map

double frees the map as pinconf_generic_dt_free_map() calls
pinctrl_utils_free_map().

Fix this by using kcalloc() instead of auto-managed devm_kcalloc().
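The ownership mismatch described above, as an added example that is not kernel code and not part of the original advisory: a simplified userspace model that counts how often `new_map` is released when it is device-managed versus caller-owned. All `model_*` names, the structs and `frees_for_lifecycle()` are hypothetical stand-ins, and frees are only counted, never actually performed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of one allocation: 'frees' counts releases by any owner. */
struct map_model { int frees; };
/* Constructed model of a device's managed-resource list (what devm_* fills). */
struct dev_model { struct map_model *managed[4]; size_t n; };

static struct map_model slot; /* backing storage, so nothing is really freed */

/* Stand-in for kcalloc(): only the caller owns the result. */
static struct map_model *model_kcalloc(void)
{
    slot.frees = 0;
    return &slot;
}

/* Stand-in for devm_kcalloc(): the device records the result for later release. */
static struct map_model *model_devm_kcalloc(struct dev_model *dev)
{
    struct map_model *m = model_kcalloc();
    dev->managed[dev->n++] = m;
    return m;
}

/* Stand-in for the .dt_free_map path, which ends by freeing the map. */
static void model_dt_free_map(struct map_model *m) { m->frees++; }

/* Stand-in for device removal: every managed resource is released. */
static void model_device_remove(struct dev_model *dev)
{
    for (size_t i = 0; i < dev->n; i++)
        dev->managed[i]->frees++;
    dev->n = 0;
}

/* Number of times the map is released over map -> free_map -> device removal. */
int frees_for_lifecycle(int use_devm)
{
    struct dev_model dev = { .n = 0 };
    struct map_model *new_map = use_devm ? model_devm_kcalloc(&dev) : model_kcalloc();
    model_dt_free_map(new_map);
    model_device_remove(&dev);
    return new_map->frees;
}

int main(void)
{
    printf("devm: %d frees, plain: %d frees\n", frees_for_lifecycle(1), frees_for_lifecycle(0));
    return 0;
}
```

A count of 2 in the managed case is the double free; the caller-owned case releases the map exactly once, which is the state the fix restores.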

Classification

CVE ID: CVE-2024-50071

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 8.61% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-06 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-50071
https://git.kernel.org/stable/c/6441d9c3d71b59c8fd27d4e381c7471a32ac1a68
https://git.kernel.org/stable/c/3fd976afe9743110f20a23f93b7ff9693f2be4bf

Timeline