CVE-2024-38583Use After Free in Linux

CWE-416Use After Free45 documents7 sources
Severity
7.8HIGHNVD
OSV6.5OSV5.5
EPSS
0.0%
top 98.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
LinuxLinux KernelDebian Linux+8 more
Timeline
PublishedJun 19
Latest updateOct 17

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages13 packages

NVDlinux/linux_kernel2.6.354.19.316+7
Debianlinux/linux_kernel< 5.10.221-1+3
Ubuntulinux/linux_kernel< 5.4.0-192.212+4

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

22
OSV
linux-azure vulnerabilities2024-10-17
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2024-09-26
OSV
linux-azure-fde-5.15 vulnerabilities2024-09-25
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities2024-09-23
OSV
linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities2024-09-23

📋Vendor Advisories

22
Ubuntu
Linux kernel (Azure) vulnerabilities2024-10-17
Ubuntu
Linux kernel vulnerabilities2024-09-26
Ubuntu
Linux kernel vulnerabilities2024-09-25
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-23