CVE-2024-49852

Oct. 23, 2024, 4:14 p.m.

7.8
High

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() The kref_put() function will call nport->release if the refcount drops to zero. The nport->release release function is _efc_nport_free() which frees "nport". But then we dereference "nport" on the next line which is a use after free. Re-order these lines to avoid the use after free.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416
Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/16a570f07d870a285b0c0b0d1ca4dff79e8aa5ff
https://git.kernel.org/stable/c/2e4b02fad094976763af08fec2c620f4f8edd9ae
https://git.kernel.org/stable/c/7c2908985e4ae0ea1b526b3916de9e5351650908
https://git.kernel.org/stable/c/98752fcd076a8cbc978016eae7125b4971be1eec
https://git.kernel.org/stable/c/abc71e89170ed32ecf0a5a29f31aa711e143e941
https://git.kernel.org/stable/c/baeb8628ab7f4577740f00e439d3fdf7c876b0ff

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-416
2024-10-21
CVE-2024-49852

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Oct. 21, 2024, 1:15 p.m.
Last Modified: Oct. 23, 2024, 4:14 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.