CVE-2024-53165

Jan. 14, 2025, 4:12 p.m.

7.8
High

Description

In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever removing it from intc_list which would lead to a use after free. To fix this, let's only add it to the list after everything has succeeded.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416
Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/3c7c806b3eafd94ae0f77305a174d63b69ec187c
https://git.kernel.org/stable/c/588bdec1ff8b81517dbae0ae51c9df52c0b952d3
https://git.kernel.org/stable/c/63e72e551942642c48456a4134975136cdcb9b3c
https://git.kernel.org/stable/c/6ba6e19912570b2ad68298be0be1dc779014a303
https://git.kernel.org/stable/c/971b4893457788e0e123ea552f0bb126a5300e61
https://git.kernel.org/stable/c/b8b84dcdf3ab1d414304819f824b10efba64132c
https://git.kernel.org/stable/c/c3f4f4547fb291982f5ef56c048277c4d5ccc4e4
https://git.kernel.org/stable/c/c43df7dae28fb9fce96ef088250c1e3c3a77c527
https://git.kernel.org/stable/c/d8de818df12d86a1a26a8efd7b4b3b9c6dc3c5cc

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-416
2024-12-27
CVE-2024-53165

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Dec. 27, 2024, 2:15 p.m.
Last Modified: Jan. 14, 2025, 4:12 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.