CVE-2024-36899: Race Condition in Linux

Severity
7.0 HIGH NVD
OSV 7.8 OSV 6.5
EPSS
0.0%
top 99.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 30
Latest update Apr 28

Description

In the Linux kernel, the following vulnerability has been resolved:

gpiolib: cdev: Fix use after free in lineinfo_changed_notify

The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(), but the unregistration of lineinfo_changed_nb notifier chain failed due to waiting write rwsem. Additionally, one of the GPIO chip's lines is also in the release process and holds the notifier chain's r

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (8 packages)

NVD | linux/linux_kernel | 5.7 - 6.6.31 | +2
Debian | linux/linux_kernel | < 5.10.234-1 | +3
Ubuntu | linux/linux_kernel | < 5.15.0-135.146 | +1
CVEListV5 | linux/linux | 51c1064e82e77b39a49889287ca50709303e2f26 - 2dfbb920a89bdc58087672ad5325dc6c588b6860 | +6
debian | debian/linux | < linux 6.1.128-1 (bookworm)

Patches

🔴Vulnerability Details

17
OSV | linux-gcp-5.15 vulnerabilities | 2025-04-28
OSV | linux-intel-iotg-5.15 vulnerabilities | 2025-04-24
OSV | linux-ibm-5.15 vulnerabilities | 2025-04-24
OSV | linux-azure-5.15, linux-azure-fde-5.15 vulnerabilities | 2025-04-07
OSV | linux-hwe-5.15 vulnerabilities | 2025-04-02

📋Vendor Advisories

18
Ubuntu | Linux kernel (GCP) vulnerabilities | 2025-04-28
Ubuntu | Linux kernel (IBM) vulnerabilities | 2025-04-24
Ubuntu | Linux kernel (Intel IoTG) vulnerabilities | 2025-04-24
Ubuntu | Linux kernel (Azure) vulnerabilities | 2025-04-07
Ubuntu | Linux kernel (HWE) vulnerabilities | 2025-04-02

💬Community

1
Bugzilla | CVE-2024-36899 kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify | 2024-06-03