CVE-2024-1312Use After Free in Kernel

CWE-416Use After Free8 documents8 sources
Severity
4.7MEDIUMNVD
CNA5.1
EPSS
0.0%
top 93.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelFedoraproject Fedora
Timeline
PublishedFeb 8
Latest updateFeb 13

Description

A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

NVDlinux/linux_kernel< 6.5+1
Debianlinux/linux_kernel< 6.4.11-1+1

Also affects: Fedora 39

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
CVE-2024-1312: A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_p2024-02-08
GHSA
GHSA-798f-8qgx-h85f: A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_p2024-02-08
CVEList
Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu2024-02-08

📋Vendor Advisories

3
Microsoft
Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu2024-02-13
Debian
CVE-2024-1312: linux - A use-after-free flaw was found in the Linux kernel's Memory Management subsyste...2024
Red Hat
kernel: Race condition leads to use after free during VMA lock in lock_vma_under_rcu2023-07-26

💬Community

1
Bugzilla
CVE-2024-1312 kernel: Race condition leads to use after free during VMA lock in lock_vma_under_rcu2023-07-25
CVE-2024-1312 — Use After Free in Linux Kernel | cvebase