CVE-2024-56678Use After Free in Linux

CWE-416Use After Free51 documents6 sources
Severity
7.8HIGHNVD
OSV8.8
EPSS
0.0%
top 97.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedDec 28
Latest updateMay 26

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/mm/fault: Fix kfence page fault reporting copy_from_kernel_nofault() can be called when doing read of /proc/kcore. /proc/kcore can have some unmapped kfence objects which when read via copy_from_kernel_nofault() can cause page faults. Since *_nofault() functions define their own fixup table for handling fault, use that instead of asking kfence to handle such faults. Hence we search the exception tables for the nip whi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel5.135.15.174+4
Debianlinux/linux_kernel< 6.1.123-1+2
Ubuntulinux/linux_kernel< 5.15.0-135.146+2
CVEListV5linux/linux90cbac0e995dd92f7bcf82f74aa50250bf194a4ae0a470b5733c1fe068d5c58b0bb91ad539604bc6+6
debiandebian/linux< linux 6.1.123-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

25
OSV
linux-raspi vulnerabilities2025-05-26
OSV
linux-raspi-realtime vulnerabilities2025-05-20
OSV
linux-gcp-5.15 vulnerabilities2025-04-28
OSV
linux-azure-nvidia vulnerabilities2025-04-28
OSV
linux-intel-iotg-5.15 vulnerabilities2025-04-24

📋Vendor Advisories

25
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-26
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-05-20
Ubuntu
Linux kernel (GCP) vulnerabilities2025-04-28
Ubuntu
Linux kernel (Azure, N-Series) vulnerabilities2025-04-28
Ubuntu
Linux kernel (IBM) vulnerabilities2025-04-24