VYPR
Unrated severityNVD Advisory· Published Feb 27, 2025· Updated Nov 3, 2025

media: uvcvideo: Fix double free in error path

CVE-2024-57980

Description

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Fix double free in error path

If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it.

Reviewed by: Ricardo Ribalda <ribalda@chromium.org>

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

149

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.