Description

In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues with crtc and plane ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init(). These functions should not be called with parameters allocated with devm_kzalloc() to avoid use-after-free issues [1]. Use allocations managed by the DRM framework. Found by Linux Verification Center (linuxtesting.org). [1] https://lore.kernel.org/lkml/u366i76e3qhh3ra5oxrtngjtm2u5lterkekcz6y2jkndhuxzli@diujon4h7qwb/

INFO

Published Date :

2024-10-21T18:02:34.442Z

Last Modified :

2026-01-05T10:54:36.870Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-49992 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49992.

URL Resource
https://git.kernel.org/stable/c/0a1741d10da29aa84955ef89ae9a03c4b6038657 cve-icon cve-icon
https://git.kernel.org/stable/c/19dd9780b7ac673be95bf6fd6892a184c9db611f cve-icon cve-icon
https://git.kernel.org/stable/c/454e5d7e671946698af0f201e48469e5ddb42851 cve-icon cve-icon
https://git.kernel.org/stable/c/b22eec4b57d04befa90e8554ede34e6c67257606 cve-icon cve-icon
https://git.kernel.org/stable/c/d02611ff001454358be6910cb926799e2d818716 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024102137-CVE-2024-49992-fd66@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-49992 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-49992 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact