CVE-2024-49925

In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UAF race during unregistering where the sysctl attributes were usable after the info struct was freed.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

13 Nov 2024, 18:47

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Linux
CWE CWE-416
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/36bfefb6baaa8e46de44f4fd919ce4347337620f - () https://git.kernel.org/stable/c/36bfefb6baaa8e46de44f4fd919ce4347337620f - Patch
References () https://git.kernel.org/stable/c/4684d69b9670a83992189f6271dc0fcdec4ed0d7 - () https://git.kernel.org/stable/c/4684d69b9670a83992189f6271dc0fcdec4ed0d7 - Patch
References () https://git.kernel.org/stable/c/872cd2d029d2c970a8a1eea88b48dab2b3f2e93a - () https://git.kernel.org/stable/c/872cd2d029d2c970a8a1eea88b48dab2b3f2e93a - Patch
References () https://git.kernel.org/stable/c/95cdd538e0e5677efbdf8aade04ec098ab98f457 - () https://git.kernel.org/stable/c/95cdd538e0e5677efbdf8aade04ec098ab98f457 - Patch

23 Oct 2024, 15:13

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: efifb: Registrar grupos sysfs a través del núcleo del controlador El núcleo del controlador ya puede registrar y limpiar grupos sysfs. Utilice esa funcionalidad para simplificar el manejo y la limpieza de errores. También evite una ejecución UAF durante la anulación del registro donde los atributos sysctl se podían usar después de que se liberara la estructura de información.

21 Oct 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 18:15

Updated : 2024-11-13 18:47


NVD link : CVE-2024-49925

Mitre link : CVE-2024-49925

CVE.ORG link : CVE-2024-49925


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-416

Use After Free