CVE-2024-53165: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53165 is a use-after-free vulnerability discovered in the Linux kernel's interrupt controller (INTC) subsystem. The vulnerability was identified in the registerintccontroller() function where a memory management issue could occur during error handling. The issue was discovered on December 27, 2024, and affects Linux kernel versions from 2.6.30 up to versions before 6.12.2 (NVD).

The vulnerability exists in the registerintccontroller() function within the Linux kernel's INTC subsystem. The issue occurs when 'd' is freed without being removed from intc_list during error handling, leading to a use-after-free condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with potential for high impact on confidentiality, integrity, and availability (NVD).

The vulnerability could allow an attacker with local access to potentially execute code, cause denial of service, or compromise system security through the exploitation of the use-after-free condition in the interrupt controller subsystem (NVD).

The vulnerability has been fixed by modifying the registerintccontroller() function to add the element to intc_list only after all operations have successfully completed. The fix has been implemented in various kernel versions through patches (Kernel Patch).