CVE-2024-41040: Use After Free in Linux

CWE-416: Use After Free | 31 documents | 8 sources
Severity
7.0 HIGH (NVD)
5.5 (OSV)
EPSS
0.0%
top 98.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 29
Latest update: Aug 14

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Fix UAF when resolving a clash

KASAN reports the following UAF:

  BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct]
  Read of size 1 at addr ffff888c07603600 by task handler130/6469

  Call Trace:
   dump_stack_lvl+0x48/0x70
   print_address_description.constprop.0+0x33/0x3d0
   print_report+0xc0/0x2b0
   kasan_report+0xd0/0x120
   __asan_load1+0x6c/0x80
   tcf_ct_flow_table_process_conn+0x12b/0x380 [

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (6 packages)

NVD | linux/linux_kernel | 5.10.43 | 5.10.222 | +5
Debian | linux/linux_kernel | < 5.10.223-1 | +3
Ubuntu | linux/linux_kernel | < 5.15.0-121.131 | +1
CVEListV5 | linux/linux | f07c548314776231f0d47d73ec6caa5b17e876e8 | b81a523d54ea689414f67c9fb81a5b917a41ed55 | +7
debian | debian/linux | < linux 6.1.106-1 (bookworm)

Patches

🔴 Vulnerability Details (14)

OSV | linux-azure-fde-5.15 vulnerabilities | 2024-09-25
OSV | linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities | 2024-09-23
OSV | linux-raspi vulnerabilities | 2024-09-23
OSV | linux-ibm-5.15, linux-oracle-5.15 vulnerabilities | 2024-09-23
OSV | linux-xilinx-zynqmp vulnerabilities | 2024-09-18

📋 Vendor Advisories (15)

CISA ICS | Siemens Third-Party Components in SINEC OS | 2025-08-14
Ubuntu | Linux kernel vulnerabilities | 2024-09-25
Ubuntu | Linux kernel vulnerabilities | 2024-09-23
Ubuntu | Linux kernel vulnerabilities | 2024-09-23
Ubuntu | Linux kernel vulnerabilities | 2024-09-23

🕵️Threat Intelligence

1
Microsoft | Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 | 2022-10-01