CVE-2024-47732: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it iss passed to iaa_compression_modes[i]->free() a few lines later resulting in a use after free. The good news is that, so far as I can tell, nothing implements the ->free() function and the use after free happens in dead code. But, with this fix, when something does implement it, we'll be ready. :)
CVE-2024-47732CVSS 5.5Linux

CVE-2024-47732: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it iss passed to iaa_compression_modes[i]->free() a few lines later resulting in a use after free. The good news is that, so far as I can tell, nothing implements the ->free() function and the use after free happens in dead code. But, with this fix, when something does implement it, we'll be ready. :)

CVSS
5.5 MEDIUM
EPSS
12.87%
Активно використовується
немає в KEV
Продукт
linux kernel

Що відомо

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it iss passed to iaa_compression_modes[i]->free() a few lines later resulting in a use after free. The good news is that, so far as I can tell, nothing implements the ->free() function and the use after free happens in dead code. But, with this fix, when something does implement it, we'll be ready. :)

Джерела

Безпекові сповіщення

Отримуйте CVE-сповіщення до того, як вони стануть інцидентом

Надсилаємо вибрані інфраструктурні загрози українською з практичними нотатками для середовищ DataHouse.

  • DataHouse: адміністрування серверів і безпечна хмара
  • Hostilla.pl: хостинг і поштові послуги
  • SecDNS.pl: безплатний рівень DNS-безпеки