// For flags

CVE-2024-27043

media: edia: dvbdev: fix a use-after-free

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

media: edia: dvbdev: fix a use-after-free

In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed
in several error-handling paths. However, *pdvbdev is not set to NULL
after dvbdev's deallocation, causing use-after-frees in many places,
for example, in the following call chain:

budget_register
|-> dvb_dmxdev_init
|-> dvb_register_device
|-> dvb_dmxdev_release
|-> dvb_unregister_device
|-> dvb_remove_device
|-> dvb_device_put
|-> kref_put

When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in
dvb_register_device) could point to memory that had been freed in
dvb_register_device. Thereafter, this pointer is transferred to
kref_put and triggering a use-after-free.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: edia: dvbdev: corregir un use-after-free En dvb_register_device, *pdvbdev se establece igual a dvbdev, que se libera en varias rutas de manejo de errores. Sin embargo, *pdvbdev no se establece en NULL después de la desasignación de dvbdev, lo que provoca use-after-free en muchos lugares, por ejemplo, en la siguiente cadena de llamadas: Budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device | -> dvb_remove_device |-> dvb_device_put |-> kref_put Al llamar a dvb_unregister_device, dmxdev->dvbdev (es decir, *pdvbdev en dvb_register_device) podría apuntar a la memoria que se había liberado en dvb_register_device. A partir de entonces, este puntero se transfiere a kref_put y se activa un use-after-free.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-05-01 CVE Published
  • 2024-05-02 EPSS Updated
  • 2024-08-15 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.21 < 4.19.311
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.21 < 4.19.311"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.21 < 5.4.273
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.21 < 5.4.273"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.21 < 5.10.214
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.21 < 5.10.214"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.21 < 5.15.153
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.21 < 5.15.153"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.21 < 6.1.83
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.21 < 6.1.83"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.21 < 6.6.23
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.21 < 6.6.23"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.21 < 6.7.11
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.21 < 6.7.11"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.21 < 6.8.2
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.21 < 6.8.2"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.21 < 6.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.21 < 6.9"
en
Affected