{"id":"CVE-2024-33619","summary":"efi: libstub: only free priv.runtime_map when allocated","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nefi: libstub: only free priv.runtime_map when allocated\n\npriv.runtime_map is only allocated when efi_novamap is not set.\nOtherwise, it is an uninitialized value.  In the error path, it is freed\nunconditionally.  Avoid passing an uninitialized value to free_pool.\nFree priv.runtime_map only when it was allocated.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.","modified":"2026-05-15T11:54:06.279734067Z","published":"2024-06-21T10:18:05.007Z","related":["SUSE-SU-2024:2372-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2571-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/33xxx/CVE-2024-33619.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/4b2543f7e1e6b91cfc8dd1696e3cdf01c3ac8974"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6ca67a5fe1c606d1fbe24c30a9fc0bdc43a18554"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9dce01f386c9ce6990c0a83fa14b1c95330b037e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b8938d6f570f010a1dcdbfed3e5b5d3258c2a908"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/33xxx/CVE-2024-33619.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33619"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.1.0"},{"fixed":"6.1.93"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.33"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.9.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-33619.json"}}],"schema_version":"1.7.5"}