CVE-2024-49855

EPSS 0.05%
Veröffentlicht 21.10.2024 13:15:06
Zuletzt bearbeitet 03.11.2025 23:16:25
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

nbd: fix race between timeout and normal completion

If request timetout is handled by nbd_requeue_cmd(), normal completion
has to be stopped for avoiding to complete this requeued request, other
use-after-free can be triggered.

Fix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime
make sure that cmd->lock is grabbed for clearing the flag and the
requeue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.18.4 < 5.19

Linux ≫ Linux Kernel Version >= 5.19 < 6.1.113

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.54

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.13

Linux ≫ Linux Kernel Version >= 6.11 < 6.11.2

Linux ≫ Linux Kernel Version5.17.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.142

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/5236ada8ebbd9e7461f17477357582f5be4f46f7

Patch

https://git.kernel.org/stable/c/6e73b946a379a1dfbb62626af93843bdfb53753d

Patch

https://git.kernel.org/stable/c/9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc

Patch

https://git.kernel.org/stable/c/9c25faf72d780a9c71081710cd48759d61ff6e9b

Patch

https://git.kernel.org/stable/c/c9ea57c91f03bcad415e1a20113bdb2077bcf990

Patch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-49855

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-49855

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-49855

EUVD