CVE-2024-27049

EPSS 0.01%
Published 01.05.2024 13:15:50
Last modified 23.12.2024 19:11:05
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925e: fix use-after-free in free_irq()

From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test
to make sure the shared irq handler should be able to handle the unexpected
event after deregistration. For this case, let's apply MT76_REMOVED flag to
indicate the device was removed and do not run into the resource access
anymore.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.11

Linux ≫ Linux Kernel Version >= 6.8 < 6.8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.015

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f

Patch

https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5

Patch

https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-27049

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27049

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27049

EUVD