7.8
CVE-2024-50127
- EPSS 0.25%
- Veröffentlicht 05.11.2024 18:15:15
- Zuletzt bearbeitet 12.05.2026 13:16:17
- CVE-Watchlists
- Unerledigt
net: sched: fix use-after-free in taprio_change()
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). Fix this by prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update 'admin' immediately before an attempt to schedule freeing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.2 < 5.15.170
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.115
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.59
Linux ≫ Linux Kernel Version >= 6.7 < 6.11.6
Linux ≫ Linux Kernel Version6.12 Updaterc1
Linux ≫ Linux Kernel Version6.12 Updaterc2
Linux ≫ Linux Kernel Version6.12 Updaterc3
Linux ≫ Linux Kernel Version6.12 Updaterc4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.158 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/0d4c0d2844e4eac3aed647f948fd7e60eea56a61
https://git.kernel.org/stable/c/2240f9376f20f8b6463232b4ca7292569217237f
https://git.kernel.org/stable/c/2f868ce6013548a713c431c679ef73747a66fcf3
https://git.kernel.org/stable/c/8a283a19026aaae8a773fd8061263cfa315b127f
https://git.kernel.org/stable/c/999612996df28d81f163dad530d7f8026e03aec6
https://git.kernel.org/stable/c/f504465970aebb2467da548f7c1efbbf36d0f44b
https://git.kernel.org/stable/c/fe371f084073e8672a2d7d46b335c3c060d1e301
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html