{
  "threat_severity" : "Moderate",
  "public_date" : "2025-02-27T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: media: uvcvideo: Fix double free in error path",
    "id" : "2348599",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2348599"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-415",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmedia: uvcvideo: Fix double free in error path\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev->status pointer but doesn't reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev->status pointer to\nNULL after freeing it.\nReviewed by: Ricardo Ribalda <ribalda@chromium.org>" ],
  "statement" : "The bug could happen on error path if memory allocation failed. For the Linux Kernel this condition is impossible until system already failed. This type of bugs are complex to trigger (making system out of memory) and considered to affect availability only. The security impact is limited.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-07-21T00:00:00Z",
    "advisory" : "RHSA-2025:11428",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "kernel-0:6.12.0-55.22.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-08-27T00:00:00Z",
    "advisory" : "RHSA-2025:14746",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt_els:7",
    "package" : "kernel-rt-0:3.10.0-1160.137.1.rt56.1289.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-08-27T00:00:00Z",
    "advisory" : "RHSA-2025:14748",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "kernel-0:3.10.0-1160.137.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-07-16T00:00:00Z",
    "advisory" : "RHSA-2025:11299",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.62.1.rt7.403.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-07-16T00:00:00Z",
    "advisory" : "RHSA-2025:11298",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.62.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2025-08-20T00:00:00Z",
    "advisory" : "RHSA-2025:14136",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "kernel-0:4.18.0-193.164.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-08-06T00:00:00Z",
    "advisory" : "RHSA-2025:13120",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.166.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-08-06T00:00:00Z",
    "advisory" : "RHSA-2025:13120",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "kernel-0:4.18.0-305.166.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-08-13T00:00:00Z",
    "advisory" : "RHSA-2025:13776",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.157.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-08-13T00:00:00Z",
    "advisory" : "RHSA-2025:13776",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.157.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-08-13T00:00:00Z",
    "advisory" : "RHSA-2025:13776",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.157.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-08-05T00:00:00Z",
    "advisory" : "RHSA-2025:13061",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "kernel-0:4.18.0-477.104.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-08-05T00:00:00Z",
    "advisory" : "RHSA-2025:13061",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "kernel-0:4.18.0-477.104.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-07-28T00:00:00Z",
    "advisory" : "RHSA-2025:11861",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.30.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-07-28T00:00:00Z",
    "advisory" : "RHSA-2025:11861",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.30.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-08-04T00:00:00Z",
    "advisory" : "RHSA-2025:12526",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.140.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-08-04T00:00:00Z",
    "advisory" : "RHSA-2025:12525",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.140.1.rt21.212.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-07-29T00:00:00Z",
    "advisory" : "RHSA-2025:12209",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.128.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-07-30T00:00:00Z",
    "advisory" : "RHSA-2025:12311",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.128.1.rt14.413.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-08-06T00:00:00Z",
    "advisory" : "RHSA-2025:13135",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.81.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-57980\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57980\nhttps://lore.kernel.org/linux-cve-announce/2025022634-CVE-2024-57980-4b5a@gregkh/T" ],
  "name" : "CVE-2024-57980",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent module uvcvideo from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
    "lang" : "en:us"
  },
  "csaw" : false
}