7.8
CVE-2024-49852
- EPSS 0.21%
- Veröffentlicht 21.10.2024 13:15:05
- Zuletzt bearbeitet 03.11.2025 23:16:25
- CVE-Watchlists
- Unerledigt
scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
In the Linux kernel, the following vulnerability has been resolved: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() The kref_put() function will call nport->release if the refcount drops to zero. The nport->release release function is _efc_nport_free() which frees "nport". But then we dereference "nport" on the next line which is a use after free. Re-order these lines to avoid the use after free.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.14 < 5.15.168
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.113
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.54
Linux ≫ Linux Kernel Version >= 6.7 < 6.10.13
Linux ≫ Linux Kernel Version >= 6.11 < 6.11.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.109 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/16a570f07d870a285b0c0b0d1ca4dff79e8aa5ff
https://git.kernel.org/stable/c/2e4b02fad094976763af08fec2c620f4f8edd9ae
https://git.kernel.org/stable/c/7c2908985e4ae0ea1b526b3916de9e5351650908
https://git.kernel.org/stable/c/98752fcd076a8cbc978016eae7125b4971be1eec
https://git.kernel.org/stable/c/abc71e89170ed32ecf0a5a29f31aa711e143e941
https://git.kernel.org/stable/c/baeb8628ab7f4577740f00e439d3fdf7c876b0ff
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html