CVE-2024-26983 — Use After Free in Linux
Severity
7.8HIGHNVD
OSV6.8
EPSS
0.0%
top 98.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 1
Latest updateJul 26
Description
In the Linux kernel, the following vulnerability has been resolved:
bootconfig: use memblock_free_late to free xbc memory to buddy
On the time to free xbc memory in xbc_exit(), memblock may has handed
over memory to buddy allocator. So it doesn't make sense to free memory
back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs
on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86.
Following KASAN logs shows this case.
This patch fixes the xbc memory free proble…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages15 packages
▶CVEListV5linux/linux40caa127f3c7279c75cb0c9684559fa314ee3a66 — 1e7feb31a18c197d63a5e606025ed63c762f8918+4
Patches
🔴Vulnerability Details
6OSV▶
linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi vulnerabilities↗2024-07-11
GHSA▶
GHSA-vxff-46qf-f9jx: In the Linux kernel, the following vulnerability has been resolved:
bootconfig: use memblock_free_late to free xbc memory to buddy
On the time to fr↗2024-05-01
📋Vendor Advisories
7💬Community
1Bugzilla
▶