CVE-2024-35792

EPSS 0.1%
Veröffentlicht 17.05.2024 13:15:58
Zuletzt bearbeitet 21.11.2024 09:20:54
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

crypto: rk3288 - Fix use after free in unprepare

The unprepare call must be carried out before the finalize call
as the latter can free the request.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.6 < 6.6.24

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.12

Linux ≫ Linux Kernel Version6.8 Updaterc1

Linux ≫ Linux Kernel Version6.8 Updaterc2

Linux ≫ Linux Kernel Version6.8 Updaterc3

Linux ≫ Linux Kernel Version6.8 Updaterc4

Linux ≫ Linux Kernel Version6.8 Updaterc5

Linux ≫ Linux Kernel Version6.8 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.284

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/48dd260fdb728eda4a246f635d1325e82f0d3555

Patch

Mailing List

https://git.kernel.org/stable/c/c0afb6b88fbbc177fa322a835f874be217bffe45

Patch

Mailing List

https://git.kernel.org/stable/c/eb2a41a8ae8c8c4f68aef3bd94665c0cf23e04be

Patch

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-35792

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35792

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35792

EUVD