CVE-2024-38385

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38385
In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the descriptor can be freed between mt_find() and the dereference: CPU0 CPU1 desc = mt_find() delayed_free_desc(desc) irq_desc_get_irq(desc) The use-after-free is reported by KASAN: Call trace: irq_get_next_irq+0x58/0x84 show_stat+0x638/0x824 seq_read_iter+0x158/0x4ec proc_reg_read_iter+0x94/0x12c vfs_read+0x1e0/0x2c8 Freed by task 4471: slab_free_freelist_hook+0x174/0x1e0 __kmem_cache_free+0xa4/0x1dc kfree+0x64/0x128 irq_kobj_release+0x28/0x3c kobject_put+0xcc/0x1e0 delayed_free_desc+0x14/0x2c rcu_do_batch+0x214/0x720 Guard the access with a RCU read lock section.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 Patch
https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba Patch
https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 Patch
https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 Patch
https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba Patch
https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

21 Nov 2024, 09:25

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 - Patch () https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 - Patch
References () https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba - Patch () https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba - Patch
References () https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 - Patch () https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 - Patch

03 Sep 2024, 17:59

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: genirq/irqdesc: Impide el use-after-free en irq_find_at_or_after() irq_find_at_or_after() elimina la referencia al descriptor de interrupción que devuelve mt_find() mientras no mantiene sparse_irq_lock ni el bloqueo de lectura de RCU, lo que significa que el descriptor se puede liberar entre mt_find() y la desreferencia: CPU0 CPU1 desc = mt_find() delay_free_desc(desc) irq_desc_get_irq(desc) KASAN informa el use-after-free: Rastreo de llamadas: irq_get_next_irq+0x58/0x84 show_stat+ 0x638/0x824 seq_read_iter+0x158/0x4ec proc_reg_read_iter+0x94/0x12c vfs_read+0x1e0/0x2c8 Liberado por la tarea 4471: slab_free_freelist_hook+0x174/0x1e0 __kmem_cache_free+0xa4/0x1dc x64/0x128 irq_kobj_release+0x28/0x3c kobject_put+0xcc/0x1e0 retardado_free_desc+ 0x14/0x2c rcu_do_batch+0x214/0x720 Protege el acceso con una sección de bloqueo de lectura de RCU.
First Time Linux
Linux linux Kernel
CWE CWE-416
References () https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 - () https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 - Patch
References () https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba - () https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba - Patch
References () https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 - () https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 - Patch

25 Jun 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-25 15:15

Updated : 2024-11-21 09:25

NVD link : CVE-2024-38385

Mitre link : CVE-2024-38385

CVE.ORG link : CVE-2024-38385

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-416

Use After Free


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024