CVE-2024-42285
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
17/08/2024
Last modified:
19/08/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs<br />
<br />
iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with<br />
an existing struct iw_cm_id (cm_id) as follows:<br />
<br />
conn_id->cm_id.iw = cm_id;<br />
cm_id->context = conn_id;<br />
cm_id->cm_handler = cma_iw_handler;<br />
<br />
rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make<br />
sure that cm_work_handler() does not trigger a use-after-free by only<br />
freeing of the struct rdma_id_private after all pending work has finished.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.8 (including) | 4.19.320 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.282 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.224 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.165 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.103 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.44 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.10.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6
- https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574
- https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79
- https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4
- https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6
- https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5
- https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae
- https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a