7.8
CVE-2024-27049
- EPSS 0.28%
- Veröffentlicht 01.05.2024 13:15:50
- Zuletzt bearbeitet 23.12.2024 19:11:05
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
wifi: mt76: mt7925e: fix use-after-free in free_irq()
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7925e: fix use-after-free in free_irq()
From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test
to make sure the shared irq handler should be able to handle the unexpected
event after deregistration. For this case, let's apply MT76_REMOVED flag to
indicate the device was removed and do not run into the resource access
anymore.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.7 < 6.7.11
Linux ≫ Linux Kernel Version >= 6.8 < 6.8.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.192 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f
https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5
https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9