CVE-2024-50127

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). Fix this by prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update 'admin' immediately before an attempt to schedule freeing.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*

History

08 Nov 2024, 19:42

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
First Time Linux linux Kernel
Linux
References () https://git.kernel.org/stable/c/0d4c0d2844e4eac3aed647f948fd7e60eea56a61 - () https://git.kernel.org/stable/c/0d4c0d2844e4eac3aed647f948fd7e60eea56a61 - Patch
References () https://git.kernel.org/stable/c/2240f9376f20f8b6463232b4ca7292569217237f - () https://git.kernel.org/stable/c/2240f9376f20f8b6463232b4ca7292569217237f - Patch
References () https://git.kernel.org/stable/c/2f868ce6013548a713c431c679ef73747a66fcf3 - () https://git.kernel.org/stable/c/2f868ce6013548a713c431c679ef73747a66fcf3 - Patch
References () https://git.kernel.org/stable/c/8a283a19026aaae8a773fd8061263cfa315b127f - () https://git.kernel.org/stable/c/8a283a19026aaae8a773fd8061263cfa315b127f - Patch
References () https://git.kernel.org/stable/c/999612996df28d81f163dad530d7f8026e03aec6 - () https://git.kernel.org/stable/c/999612996df28d81f163dad530d7f8026e03aec6 - Patch
References () https://git.kernel.org/stable/c/f504465970aebb2467da548f7c1efbbf36d0f44b - () https://git.kernel.org/stable/c/f504465970aebb2467da548f7c1efbbf36d0f44b - Patch
References () https://git.kernel.org/stable/c/fe371f084073e8672a2d7d46b335c3c060d1e301 - () https://git.kernel.org/stable/c/fe371f084073e8672a2d7d46b335c3c060d1e301 - Patch
CWE CWE-416
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*

08 Nov 2024, 16:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/2f868ce6013548a713c431c679ef73747a66fcf3 -
  • () https://git.kernel.org/stable/c/8a283a19026aaae8a773fd8061263cfa315b127f -

06 Nov 2024, 18:17

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sched: arreglado use-after-free en taprio_change(). En 'taprio_change()', el puntero 'admin' puede quedar colgando debido al cambio/eliminación de sched causado por 'advance_sched()', y la sección crítica protegida por 'q->current_entry_lock' es demasiado pequeña para evitar tal escenario (que causa el use-after-free detectado por KASAN). Solucione esto al preferir 'rcu_replace_pointer()' sobre 'rcu_assign_pointer()' para actualizar 'admin' inmediatamente antes de un intento de liberación de programación.

05 Nov 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-05 18:15

Updated : 2024-12-11 15:15


NVD link : CVE-2024-50127

Mitre link : CVE-2024-50127

CVE.ORG link : CVE-2024-50127


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-416

Use After Free