CVE-2024-27049

wifi: mt76: mt7925e: fix use-after-free in free_irq()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925e: fix use-after-free in free_irq()

From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test
to make sure the shared irq handler should be able to handle the unexpected
event after deregistration. For this case, let's apply MT76_REMOVED flag to
indicate the device was removed and do not run into the resource access
anymore.

En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: mt76: mt7925e: fix use-after-free in free_irq() Desde el commit a304e1b82808 ("[PATCH] Depurar irqs compartidas"), existe una prueba para asegurarse de que El controlador de irq compartido debería poder manejar el evento inesperado después de la cancelación del registro. Para este caso, apliquemos el indicador MT76_REMOVED para indicar que el dispositivo fue eliminado y que ya no se puede acceder al recurso.

A use-after-free flaw was found in free_irq() in the Linux kernel.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2024-12-19 CVE Updated
2024-12-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/c948b5da6bbec742b433138e3e3f9537a85af2e5	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5	2024-03-26
https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f	2024-03-26
https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9	2024-02-22

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-27049	2024-08-15
https://bugzilla.redhat.com/show_bug.cgi?id=2278429	2024-08-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.7.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.7.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.8.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.8.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.9"		en		Affected