CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node

Description

In the Linux kernel, the following vulnerability has been resolved:

net: renesas: rswitch: avoid use-after-put for a device tree node

The device tree node saved in the rswitch_device structure is used at
several driver locations. So passing this node to of_node_put() after
the first use is wrong.

Move of_node_put() for this node to exit paths.

Classification

CVE ID: CVE-2024-55639

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.82% (scored less or equal to compared to others)

EPSS Date: 2025-02-09 (when was this score calculated)

References

https://git.kernel.org/stable/c/bf8c6755f02029d1eddc3ff19b870240f054afc7
https://git.kernel.org/stable/c/92007a28f95413058a7268dc84e5f44b700165d1
https://git.kernel.org/stable/c/66b7e9f85b8459c823b11e9af69dbf4be5eb6be8

Timeline

2025-01-12 00:30:31 UTC
CVE

net: renesas: rswitch: avoid use-after-put for a device tree node
2025-03-06 09:45:36 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-55639