CVE-2024-38588: Use After Free in Linux

CWE-416 Use After Free | 48 documents | 7 sources
Severity: 7.8 HIGH (NVD); OSV 6.5; OSV 5.5
EPSS: 0.0% (top 98.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 19; Latest update May 28

Description

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix possible use-after-free issue in ftrace_location()

KASAN reports a bug:

  BUG: KASAN: use-after-free in ftrace_location+0x90/0x120
  Read of size 8 at addr ffff888141d40010 by task insmod/424
  CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+
  [...]
  Call Trace:
   dump_stack_lvl+0x68/0xa0
   print_report+0xcf/0x610
   kasan_report+0xb5/0xe0
   ftrace_location+0x90/0x120
   register_kprobe+0x14b/0xa40
   kprobe_init+0x2d/0xff0 [kprobe

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (9 packages)

NVD | linux/linux_kernel | 3.7 5.4.286 | +6
Debian | linux/linux_kernel | < 5.10.234-1 | +3
Ubuntu | linux/linux_kernel | < 5.4.0-211.231 | +2
CVEListV5 | linux/linux | ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b eea46baf145150910ba134f75a67106ba2222c1b | +8
debian | debian/linux | < linux 6.1.94-1 (bookworm)

Also affects: Debian Linux 11.0

Patches

🔴 Vulnerability Details (24)

OSV: linux-raspi-5.4 vulnerabilities (2025-05-28)
OSV: linux-raspi vulnerabilities (2025-05-28)
OSV: linux-ibm-5.4 vulnerabilities (2025-04-24)
OSV: linux-iot vulnerabilities (2025-04-03)
OSV: linux-aws-fips vulnerabilities (2025-04-01)

📋 Vendor Advisories (23)

Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2025-05-28)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2025-05-28)
Ubuntu: Linux kernel (IBM) vulnerabilities (2025-04-24)
Ubuntu: Linux kernel (IoT) vulnerabilities (2025-04-03)
Ubuntu: Linux kernel (AWS) vulnerabilities (2025-04-01)