7.8

CVE-2024-41149

block: avoid to reuse `hctx` not removed from cpuhp callback list

In the Linux kernel, the following vulnerability has been resolved:

block: avoid to reuse `hctx` not removed from cpuhp callback list

If the 'hctx' isn't removed from cpuhp callback list, we can't reuse it,
otherwise use-after-free may be triggered.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version6.12.6
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.119
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/85672ca9ceeaa1dcf2777a7048af5f4aee3fd02b
Patch
https://git.kernel.org/stable/c/b5792c162dcf6197bf3d2de2be6c8169435b73d0
Patch
https://git.kernel.org/stable/c/ee18012c80155f6809522804099621070c69ec72
Patch