CVE-2024-42302Use After Free in Linux

CWE-416Use After Free26 documents7 sources
Severity
7.8HIGHNVD
OSV8.8OSV7.1OSV5.5
EPSS
0.0%
top 93.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
LinuxLinux KernelDebian Linux+10 more
Timeline
PublishedAug 17
Latest updateJan 9

Description

In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Keith reports a use-after-free when a DPC event occurs concurrently to hot-removal of the same portion of the hierarchy: The dpc_handler() awaits readiness of the secondary bus below the Downstream Port where the DPC event occurred. To do so, it polls the config space of the first child device on the secondary bus. If that child device is concurrently removed, acce

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages14 packages

NVDlinux/linux_kernel5.10.1765.10.224+4
Debianlinux/linux_kernel< 5.10.226-1+3
Ubuntulinux/linux_kernel< 5.15.0-125.135+1

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

12
OSV
linux-azure, linux-azure-6.8 vulnerabilities2025-01-09
OSV
linux-azure-5.15 vulnerabilities2025-01-09
OSV
linux-hwe-6.8 vulnerabilities2025-01-06
OSV
linux-gkeop vulnerabilities2024-12-12
OSV
linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities2024-12-12

📋Vendor Advisories

13
Ubuntu
Linux kernel (Azure) vulnerabilities2025-01-09
Ubuntu
Linux kernel (Azure) vulnerabilities2025-01-09
Ubuntu
Linux kernel (HWE) vulnerabilities2025-01-06
Ubuntu
Linux kernel (GKE) vulnerabilities2024-12-12
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2024-12-12
CVE-2024-42302 — Use After Free in Linux | cvebase