CVE-2024-40935Use After Free in Linux

CWE-416Use After FreeCWE-99Resource Injection19 documents6 sources
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.0%
top 97.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedJul 12
Latest updateSep 23

Description

In the Linux kernel, the following vulnerability has been resolved: cachefiles: flush all requests after setting CACHEFILES_DEAD In ondemand mode, when the daemon is processing an open request, if the kernel flags the cache as CACHEFILES_DEAD, the cachefiles_daemon_write() will always return -EIO, so the daemon can't pass the copen to the kernel. Then the kernel process that is waiting for the copen triggers a hung_task. Since the DEAD state is irreversible, it can only be exited by closing /

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel5.196.1.95+3
Debianlinux/linux_kernel< 6.1.99-1+2
Ubuntulinux/linux_kernel< 6.8.0-44.44
CVEListV5linux/linuxc8383054506c77b814489c09877b5db83fd4abf2320ba9cbca78be79c912143bbba1d1b35ca55cf0+4
debiandebian/linux< linux 6.1.99-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

9
OSV
linux-hwe-6.82024-09-23
OSV
linux-raspi vulnerabilities2024-09-23
OSV
linux-lowlatency-hwe-6.8 vulnerabilities2024-09-13
OSV
linux-nvidia-6.8 vulnerabilities2024-09-13
OSV
linux-nvidia, linux-nvidia-lowlatency vulnerabilities2024-09-12

📋Vendor Advisories

9
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-13
Ubuntu
Linux kernel vulnerabilities2024-09-13
Ubuntu
Linux kernel vulnerabilities2024-09-12