CVE-2024-42280

EPSS 0.01%
Published 17.08.2024 09:15:08
Last modified 03.11.2025 22:17:54
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

mISDN: Fix a use after free in hfcmulti_tx()

Don't dereference *sp after calling dev_kfree_skb(*sp).

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.27 < 4.19.320

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.282

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.224

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.165

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.103

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.44

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.013

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/4d8b642985ae24f4b3656438eb8489834a17bb80

Patch

https://git.kernel.org/stable/c/61ab751451f5ebd0b98e02276a44e23a10110402

Patch

https://git.kernel.org/stable/c/70db2c84631f50e02e6b32b543700699dd395803

Patch

https://git.kernel.org/stable/c/7e4a539bca7d8d20f2c5d93c18cce8ef77cd78e0

Patch

https://git.kernel.org/stable/c/8f4030277dfb9dbe04fd78566b19931097c9d629

Patch

https://git.kernel.org/stable/c/9460ac3dd1ae033bc2b021a458fb535a0c36ddb2

Patch