CVE-2024-56573
Last modified
CVE-2024-56573 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation that should be freed when cleaning up after a failure, so pass this instead to free_pool().. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation that should be freed when cleaning up after a failure, so pass this instead to free_pool().
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.2, < 6.6.64 |
| Linux | Linux Kernel | >= 6.7, < 6.12.4 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-56573?
How severe is CVE-2024-56573?
How do I fix CVE-2024-56573?
Are you affected by CVE-2024-56573?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST