CVE-2024-58002 — Use After Free in Linux

CWE-416 — Use After Free90 documents7 sources

Severity

7.8HIGHNVD

OSV8.8OSV7.1OSV5.9OSV5.5

EPSS

0.0%

top 98.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +5 more

Timeline

PublishedFeb 27

Latest updateSep 3

Description

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be anytime in the future. If the user closes that file descriptor, its structure will be freed, and there will be one dangling pointer per pending async control, that the driver will try to use. Clean all the dangling pointe…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶NVDlinux/linux_kernel4.19 — 6.6.80+2

▶Debianlinux/linux_kernel< 5.10.237-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-216.236+2

▶msrcmsrc/azl3_kernel_6.6.78.1-3_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.82.1-1_on_azure_linux_3.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-azure, linux-azure-6.8, linux-azure-nvidia vulnerabilities↗2025-09-03

▶

OSV

linux-raspi vulnerabilities↗2025-07-24

▶

OSV

linux-raspi-realtime vulnerabilities↗2025-07-24

▶

OSV

linux-gcp, linux-gcp-6.8 vulnerabilities↗2025-07-22

▶

OSV

linux-aws-6.8, linux-gke, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8 vulnerabilities↗2025-07-22

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-09-03

▶

Ubuntu

Linux kernel (Raspberry Pi Real-time) vulnerabilities↗2025-07-24

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2025-07-24

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2025-07-22

▶

Ubuntu

Linux kernel vulnerabilities↗2025-07-22

▶