7.8
CVE-2024-40989
- EPSS 0.3%
- Veröffentlicht 12.07.2024 13:15:20
- Zuletzt bearbeitet 03.11.2025 22:17:20
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
KVM: arm64: Disassociate vcpus from redistributor region on teardown
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.13 < 6.1.96
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.36
Linux ≫ Linux Kernel Version >= 6.7 < 6.9.7
Linux ≫ Linux Kernel Version6.10 Updaterc1
Linux ≫ Linux Kernel Version6.10 Updaterc2
Linux ≫ Linux Kernel Version6.10 Updaterc3
Linux ≫ Linux Kernel Version6.10 Updaterc4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.21 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8
https://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76
https://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c
https://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html