CVE-2024-53165

sh: intc: Fix use-after-free bug in register_intc_controller()

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever
removing it from intc_list which would lead to a use after free.
To fix this, let's only add it to the list after everything has
succeeded.

In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever removing it from intc_list which would lead to a use after free. To fix this, let's only add it to the list after everything has succeeded.

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-12-27 CVE Published
2025-11-03 CVE Updated
2026-02-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/2dcec7a988a1895540460a0bf5603bab63d5a3ed	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3c7c806b3eafd94ae0f77305a174d63b69ec187c	2024-12-05
https://git.kernel.org/stable/c/d8de818df12d86a1a26a8efd7b4b3b9c6dc3c5cc	2024-12-14
https://git.kernel.org/stable/c/971b4893457788e0e123ea552f0bb126a5300e61	2024-12-14
https://git.kernel.org/stable/c/c3f4f4547fb291982f5ef56c048277c4d5ccc4e4	2024-12-14
https://git.kernel.org/stable/c/c43df7dae28fb9fce96ef088250c1e3c3a77c527	2024-12-14
https://git.kernel.org/stable/c/b8b84dcdf3ab1d414304819f824b10efba64132c	2024-12-09
https://git.kernel.org/stable/c/6ba6e19912570b2ad68298be0be1dc779014a303	2024-12-05
https://git.kernel.org/stable/c/588bdec1ff8b81517dbae0ae51c9df52c0b952d3	2024-12-05
https://git.kernel.org/stable/c/63e72e551942642c48456a4134975136cdcb9b3c	2024-11-30

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 4.19.325 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 4.19.325"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 5.4.287 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 5.4.287"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 5.10.231 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 5.10.231"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 5.15.174 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 5.15.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 6.1.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 6.6.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 6.6.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 6.11.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 6.11.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 6.12.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 6.12.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 6.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 6.13"		en		Affected