7.8

CVE-2024-42280

mISDN: Fix a use after free in hfcmulti_tx()

In the Linux kernel, the following vulnerability has been resolved:

mISDN: Fix a use after free in hfcmulti_tx()

Don't dereference *sp after calling dev_kfree_skb(*sp).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.27 < 4.19.320
LinuxLinux Kernel Version >= 4.20 < 5.4.282
LinuxLinux Kernel Version >= 5.5 < 5.10.224
LinuxLinux Kernel Version >= 5.11 < 5.15.165
LinuxLinux Kernel Version >= 5.16 < 6.1.103
LinuxLinux Kernel Version >= 6.2 < 6.6.44
LinuxLinux Kernel Version >= 6.7 < 6.10.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.152
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/4d8b642985ae24f4b3656438eb8489834a17bb80
Patch
https://git.kernel.org/stable/c/61ab751451f5ebd0b98e02276a44e23a10110402
Patch
https://git.kernel.org/stable/c/70db2c84631f50e02e6b32b543700699dd395803
Patch
https://git.kernel.org/stable/c/7e4a539bca7d8d20f2c5d93c18cce8ef77cd78e0
Patch
https://git.kernel.org/stable/c/8f4030277dfb9dbe04fd78566b19931097c9d629
Patch
https://git.kernel.org/stable/c/9460ac3dd1ae033bc2b021a458fb535a0c36ddb2
Patch
https://git.kernel.org/stable/c/d3e4d4a98c5629ccdcb762a0ff6c82ba9738a0c3
Patch
https://git.kernel.org/stable/c/ddc79556641ee070d36be0de4a1f0a16a71f1fc7
Patch
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html