PRIOn Logo

CVE-2024-40932 Spoofing

Routine
Remediate Within 6 Months

CVE Information

Original CVE data

Published:
Updated:

In the Linux kernel, the following vulnerability has been resolved: drm/exynos/vidi: fix memory leak in .get_modes() The duplicated EDID is never freed. Fix it.

CWE: CWE-401
CVSS v2-
CVSS v35.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
https://git.kernel.org/stable/c/540ca99729e28dbe902b01039a3b4bd74520a819
https://git.kernel.org/stable/c/ebcf81504fef03f701b9711e43fea4fe2d82ebc8
https://git.kernel.org/stable/c/0acc356da8546b5c55aabfc2e2c5caa0ac9b0003
https://git.kernel.org/stable/c/777838c9b571674ef14dbddf671f372265879226
https://git.kernel.org/stable/c/dcba6bedb439581145d8aa6b0925209f23184ae1
https://git.kernel.org/stable/c/a269c5701244db2722ae0fce5d1854f5d8f31224
https://git.kernel.org/stable/c/cb3ac233434dba130281db330c4b15665b2d2c4d
https://git.kernel.org/stable/c/38e3825631b1f314b21e3ade00b5a4d737eb054e
Affected Vendors

Linux - (1)

Basic Analysis

Common vulnerability metrics

Vulnerabilty type as detected by PRIOnengine

Spoofing

CVSS Scores as calculated by PRIOnengine
CVSS v23.6
AV:L/AC:L/AU:N/C:P/I:N/A:P
CVSS v38.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
MITRE CWE Top 25

-

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

-

Compliance Impact

How the submited vulnerability affects compliance

-

Web Application Security Frameworks

Applicable if the issue likely affects a web application

WASC-8 - Cross Site Scripting