CVE-2024-38627

Advisory lineage Upstream: 0 Downstream: 45
Modified
Published: 21 Jun 2024, 10:18
Last modified:23 May 2026, 15:49

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
v3.1 (nvd)
EPSS Score
0.02% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

21 Jun 2024, 10:18
Published
Vulnerability first disclosed
23 May 2026, 15:49
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.02% Percentile: 7%

Techniques & Countermeasures

  • CWE-415Double Free

    The product calls free() twice on the same memory address.

Affected Systems

  • linuxlinux

    ≥ 389b6699a2aa0b457aa69986e9ddf39f3b4030fd, < 6cc30ef8eb6d8f8d6df43152264bbf8835d99931 | ≥ 389b6699a2aa0b457aa69986e9ddf39f3b4030fd, < a0450d3f38e7c6c0a7c0afd4182976ee15573695 | ≥ 389b6699a2aa0b457aa69986e9ddf39f3b4030fd, < 713fc00c571dde4af3db2dbd5d1b0eadc327817b | ≥ 389b6699a2aa0b457aa69986e9ddf39f3b4030fd, < 7419df1acffbcc90037f6b5a2823e81389659b36 | ≥ 389b6699a2aa0b457aa69986e9ddf39f3b4030fd, < 4bfd48bb6e62512b9c392c5002c11e1e3b18d247 | ≥ 389b6699a2aa0b457aa69986e9ddf39f3b4030fd, < 370c480410f60b90ba3e96abe73ead21ec827b20 | ≥ 389b6699a2aa0b457aa69986e9ddf39f3b4030fd, < d782a2db8f7ac49c33b9ca3e835500a28667d1be | ≥ 389b6699a2aa0b457aa69986e9ddf39f3b4030fd, < 3df463865ba42b8f88a590326f4c9ea17a1ce459 | b0351a51ffda593b2b1b35dd0c00a73505edb256 | ≥ 4.4.178, < 4.5 | 4.7

  • linuxlinux_kernel

    ≥ 4.7, < 4.19.316 | ≥ 4.20, < 5.4.278 | ≥ 5.5, < 5.10.219 | ≥ 5.11, < 5.15.161 | ≥ 5.16, < 6.1.93 | ≥ 6.2, < 6.6.33 | ≥ 6.7, < 6.9.4

References (9)