CVE-2024-27049

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For this case, let's apply MT76_REMOVED flag to indicate the device was removed and do not run into the resource access anymore.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f	Patch
https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5	Patch
https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9	Patch
https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f	Patch
https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5	Patch
https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

23 Dec 2024, 19:11

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-416
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f -~~	() https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f - Patch
References	~~() https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5 -~~	() https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5 - Patch
References	~~() https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9 -~~	() https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9 - Patch

Information

Published : 2024-05-01 13:15

Updated : 2024-12-23 19:11

NVD link : CVE-2024-27049

Mitre link : CVE-2024-27049

CVE.ORG link : CVE-2024-27049

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

{"id": "CVE-2024-27049", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-05-01T13:15:50.020", "references": [{"url": "https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925e: fix use-after-free in free_irq()\n\nFrom commit a304e1b82808 (\"[PATCH] Debug shared irqs\"), there is a test\nto make sure the shared irq handler should be able to handle the unexpected\nevent after deregistration. For this case, let's apply MT76_REMOVED flag to\nindicate the device was removed and do not run into the resource access\nanymore."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: mt76: mt7925e: fix use-after-free in free_irq() Desde el commit a304e1b82808 (\"[PATCH] Depurar irqs compartidas\"), existe una prueba para asegurarse de que El controlador de irq compartido deber\u00eda poder manejar el evento inesperado despu\u00e9s de la cancelaci\u00f3n del registro. Para este caso, apliquemos el indicador MT76_REMOVED para indicar que el dispositivo fue eliminado y que ya no se puede acceder al recurso."}], "lastModified": "2024-12-23T19:11:05.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD", "versionEndExcluding": "6.7.11", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1", "versionEndExcluding": "6.8.2", "versionStartIncluding": "6.8"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}