CVE-2024-44997: Use After Free in Linux

CWE-416: Use After Free | 6 documents | 6 sources

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 93.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 4 | Latest update Sep 10

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()

When there are multiple ap interfaces on one band and with WED on, turning the interface down will cause a kernel panic on MT798X.

Previously, cb_priv was freed in mtk_wed_setup_tc_block() without marking NULL, and mtk_wed_setup_tc_block_cb() didn't check the value, too.

Assign NULL after free cb_priv in mtk_wed_setup_tc_block() and check NULL in

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (8 packages)

NVD: linux/linux_kernel, 6.2 to 6.6.48 (+2)
Debian: linux/linux_kernel, < 6.10.7-1 (+1)
CVEListV5: linux/linux, 799684448e3e1f57257a6155541e53510488f67b to 326a89321f9d5fe399fe6f9ff7c0fc766582a6a0 (+3)

Patches

🔴 Vulnerability Details (2)

OSV (2024-09-04): CVE-2024-44997: In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() Wh
GHSA (2024-09-04): GHSA-2jrr-ff5x-5jqg: In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()

📋 Vendor Advisories (3)

Microsoft (2024-09-10): net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()
Red Hat (2024-09-04): kernel: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()
Debian (2024): CVE-2024-44997: linux - In the Linux kernel, the following vulnerability has been resolved: net: ethern...