CVE-2024-53171Use After Free in Linux

CWE-416Use After Free76 documents8 sources
Severity
7.8HIGHNVD
OSV8.8OSV5.5
EPSS
0.0%
top 98.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedDec 27
Latest updateNov 17

Description

In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit After an insertion in TNC, the tree might split and cause a node to change its `znode->parent`. A further deletion of other nodes in the tree (which also could free the nodes), the aforementioned node's `znode->cparent` could still point to a freed node. This `znode->cparent` may not be updated when getting nodes to commit in `ubifs_tnc_start_commit()`. This cou

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

NVDlinux/linux_kernel4.205.4.287+6
Debianlinux/linux_kernel< 5.10.234-1+3
Ubuntulinux/linux_kernel< 5.4.0-211.231+3
CVEListV5linux/linux16a26b20d2afd0cf063816725b45b12e78d5bb31daac4aa1825de0dbc1a6eede2fa7f9fc53f14223+8

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

36
OSV
linux-raspi-5.4 vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-26
OSV
linux-raspi-realtime vulnerabilities2025-05-20
OSV
linux-gcp-5.15 vulnerabilities2025-04-28

📋Vendor Advisories

39
Ubuntu
Kernel Live Patch Security Notice2025-11-17
CISA ICS
Siemens Third-Party Components in SINEC OS2025-08-14
Ubuntu
Kernel Live Patch Security Notice2025-07-10
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
CVE-2024-53171 — Use After Free in Linux | cvebase