CVE-2024-43900: Use After Free in Linux

CWE-416 Use After Free | 73 documents | 7 sources
Severity
7.8 HIGH (NVD)
OSV: 5.5
EPSS: 0.0% (top 94.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 26
Latest update: May 28

Description

In the Linux kernel, the following vulnerability has been resolved:

media: xc2028: avoid use-after-free in load_firmware_cb()

syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the module initialization failed, the struct tuner was released. A worker which created during module initialization accesses this struct tuner later, it caused use-after-free. The process is as follows: task-6504 worker_thr

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (9 packages)

NVD: linux/linux_kernel 6.26.6.46 +2
Debian: linux/linux_kernel < 6.1.106-1 +2
Ubuntu: linux/linux_kernel < 5.4.0-211.231 +5
CVEListV5: linux/linux 61a96113de51e1f8f43ac98cbeadb54e60045905 ef517bdfc01818419f7bd426969a0c86b14f3e0e +4
debian: debian/linux < linux 6.1.106-1 (bookworm)

Patches

🔴 Vulnerability Details (36)

OSV: linux-raspi-5.4 vulnerabilities (2025-05-28)
OSV: linux-raspi vulnerabilities (2025-05-28)
OSV: linux-gcp-5.15 vulnerabilities (2025-04-28)
OSV: linux-intel-iotg-5.15 vulnerabilities (2025-04-24)
OSV: linux-ibm-5.15 vulnerabilities (2025-04-24)

📋 Vendor Advisories (36)

Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2025-05-28)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2025-05-28)
Ubuntu: Linux kernel (GCP) vulnerabilities (2025-04-28)
Ubuntu: Linux kernel (IBM) vulnerabilities (2025-04-24)
Ubuntu: Linux kernel (IBM) vulnerabilities (2025-04-24)