CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload

Description

In the Linux kernel, the following vulnerability has been resolved:

EDAC/igen6: Avoid segmentation fault on module unload

The segmentation fault happens because:

During modprobe:
1. In igen6_probe(), igen6_pvt will be allocated with kzalloc()
2. In igen6_register_mci(), mci->pvt_info will point to &igen6_pvt->imc[mc]

During rmmod:
1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info)
2. In igen6_remove(), it will kfree(igen6_pvt);

Fix this issue by setting mci->pvt_info to NULL to avoid the double
kfree.
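
The ownership problem in the description above, as an added user-space model in C (not the kernel's or the driver's code). The struct layouts, `NUM_IMC`, and the helpers `model_kzalloc`, `model_kfree` and `run_unload` are assumptions made for illustration; the model counts invalid frees instead of performing them. With `mc` 0 the alias equals the allocation base, so the second free is a double free; with `mc` 1 the first free receives an interior pointer.

```c
#include <stdio.h>
#include <stdlib.h>

#define NUM_IMC 2                          /* constructed size for the model */
struct imc { int id; };                    /* stand-in for one memory controller */
struct pvt { struct imc imc[NUM_IMC]; };   /* stand-in for igen6_pvt (layout assumed) */
struct mci { void *pvt_info; };            /* stand-in for the mci object */

static void *heap_obj;   /* backing memory of the single modelled allocation */
static int heap_live;    /* 1 until the modelled allocation is kfree'd */
static int bad_frees;    /* kfree calls the allocator should never see */

static void *model_kzalloc(size_t n)
{
    heap_obj = calloc(1, n);
    heap_live = (heap_obj != NULL);
    return heap_obj;
}

/* kfree model: NULL is a no-op; any other pointer must be a live allocation base. */
static void model_kfree(void *p)
{
    if (!p)
        return;
    if (p == heap_obj && heap_live)
        heap_live = 0;
    else
        bad_frees++;   /* interior pointer, or base pointer freed a second time */
}

/* Replays modprobe then rmmod for controller mc; returns the invalid kfree count. */
int run_unload(int mc, int apply_fix)
{
    struct mci mci;
    struct pvt *pvt = model_kzalloc(sizeof(*pvt));   /* igen6_probe() */
    if (!pvt)
        return -1;
    bad_frees = 0;
    mci.pvt_info = &pvt->imc[mc];                    /* igen6_register_mci() */
    if (apply_fix)
        mci.pvt_info = NULL;                         /* fix: drop the alias first */
    model_kfree(mci.pvt_info);                       /* mci_release() */
    model_kfree(pvt);                                /* igen6_remove() */
    free(heap_obj);                                  /* real cleanup of the model */
    heap_obj = NULL;
    return bad_frees;
}

int main(void)
{
    printf("invalid kfrees, unfixed: %d, fixed: %d\n", run_unload(1, 0), run_unload(1, 1));
    return 0;
}
```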

Classification

CVE ID: CVE-2024-56708

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (share of scored vulnerabilities with an equal or lower score)

EPSS Date: 2025-02-04 (date this score was calculated)

References

https://git.kernel.org/stable/c/029ac07bb92d2f7502d47a4916f197a8445d83bf
https://git.kernel.org/stable/c/2a80e710bbc088a2511c159ee4d910456c5f0832
https://git.kernel.org/stable/c/830cabb61113d92a425dd3038ccedbdfb3c8d079
https://git.kernel.org/stable/c/e5c7052664b61f9e2f896702d20552707d0ef60a
https://git.kernel.org/stable/c/db60326f2c47b079e36785ace621eb3002db2088
https://git.kernel.org/stable/c/fefaae90398d38a1100ccd73b46ab55ff4610fba

Timeline