CVE-2024-38385

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38385

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the descriptor can be freed between mt_find() and the dereference: CPU0 CPU1 desc = mt_find() delayed_free_desc(desc) irq_desc_get_irq(desc) The use-after-free is reported by KASAN: Call trace: irq_get_next_irq+0x58/0x84 show_stat+0x638/0x824 seq_read_iter+0x158/0x4ec proc_reg_read_iter+0x94/0x12c vfs_read+0x1e0/0x2c8 Freed by task 4471: slab_free_freelist_hook+0x174/0x1e0 __kmem_cache_free+0xa4/0x1dc kfree+0x64/0x128 irq_kobj_release+0x28/0x3c kobject_put+0xcc/0x1e0 delayed_free_desc+0x14/0x2c rcu_do_batch+0x214/0x720 Guard the access with a RCU read lock section.

References
Link Resource
https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 Patch
https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba Patch
https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 Patch
https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 Patch
https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba Patch
https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

21 Nov 2024, 09:25

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 - Patch () https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 - Patch
References () https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba - Patch () https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba - Patch
References () https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 - Patch () https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 - Patch

03 Sep 2024, 17:59

Type Values Removed Values Added
CWE CWE-416
References () https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 - () https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 - Patch
References () https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba - () https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba - Patch
References () https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 - () https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 - Patch
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: genirq/irqdesc: Impide el use-after-free en irq_find_at_or_after() irq_find_at_or_after() elimina la referencia al descriptor de interrupción que devuelve mt_find() mientras no mantiene sparse_irq_lock ni el bloqueo de lectura de RCU, lo que significa que el descriptor se puede liberar entre mt_find() y la desreferencia: CPU0 CPU1 desc = mt_find() delay_free_desc(desc) irq_desc_get_irq(desc) KASAN informa el use-after-free: Rastreo de llamadas: irq_get_next_irq+0x58/0x84 show_stat+ 0x638/0x824 seq_read_iter+0x158/0x4ec proc_reg_read_iter+0x94/0x12c vfs_read+0x1e0/0x2c8 Liberado por la tarea 4471: slab_free_freelist_hook+0x174/0x1e0 __kmem_cache_free+0xa4/0x1dc x64/0x128 irq_kobj_release+0x28/0x3c kobject_put+0xcc/0x1e0 retardado_free_desc+ 0x14/0x2c rcu_do_batch+0x214/0x720 Protege el acceso con una sección de bloqueo de lectura de RCU.
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

25 Jun 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-25 15:15

Updated : 2024-11-21 09:25

NVD link : CVE-2024-38385

Mitre link : CVE-2024-38385

CVE.ORG link : CVE-2024-38385

JSON object : View

Products Affected

linux

CWE
CWE-416

Use After Free