In the Linux kernel, the following vulnerability has been resolved: pinctrl: intel: platform: fix error path in device_for_each_child_node() The device_for_each_child_node() loop requires calls to fwnode_handle_put() upon early returns to decrement the refcount of the child node and avoid leaking memory if that error path is triggered. There is one early returns within that loop in intel_platform_pinctrl_prepare_community(), but fwnode_handle_put() is missing. Instead of adding the missing call, the scoped version of the loop can be used to simplify the code and avoid mistakes in the future if new early returns are added, as the child node is only used for parsing, and it is never assigned.
History

Fri, 29 Nov 2024 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Fri, 22 Nov 2024 14:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 08 Nov 2024 06:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: pinctrl: intel: platform: fix error path in device_for_each_child_node() The device_for_each_child_node() loop requires calls to fwnode_handle_put() upon early returns to decrement the refcount of the child node and avoid leaking memory if that error path is triggered. There is one early returns within that loop in intel_platform_pinctrl_prepare_community(), but fwnode_handle_put() is missing. Instead of adding the missing call, the scoped version of the loop can be used to simplify the code and avoid mistakes in the future if new early returns are added, as the child node is only used for parsing, and it is never assigned.
Title pinctrl: intel: platform: fix error path in device_for_each_child_node()
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-11-08T05:54:11.739Z

Updated: 2024-12-19T09:35:15.740Z

Reserved: 2024-10-21T19:36:19.968Z

Link: CVE-2024-50197

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2024-11-08T06:15:16.407

Modified: 2024-11-29T20:33:23.700

Link: CVE-2024-50197

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-11-08T00:00:00Z

Links: CVE-2024-50197 - Bugzilla