CVE-2024-38385 : In the Linux kernel, the following vulnerability has been resolved: genirq/irqd

In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the descriptor can be freed between mt_find() and the dereference: CPU0 CPU1 desc = mt_find() delayed_free_desc(desc) irq_desc_get_irq(desc) The use-after-free is reported by KASAN: Call trace: irq_get_next_irq+0x58/0x84 show_stat+0x638/0x824 seq_read_iter+0x158/0x4ec proc_reg_read_iter+0x94/0x12c vfs_read+0x1e0/0x2c8 Freed by task 4471: slab_free_freelist_hook+0x174/0x1e0 __kmem_cache_free+0xa4/0x1dc kfree+0x64/0x128 irq_kobj_release+0x28/0x3c kobject_put+0xcc/0x1e0 delayed_free_desc+0x14/0x2c rcu_do_batch+0x214/0x720 Guard the access with a RCU read lock section.

Published 2024-06-25 14:22:38

Updated 2024-09-03 17:59:27

Source Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2024-38385

Linux » Linux Kernel
Versions from including (>=) 6.5 and before (<) 6.6.34
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.9.5
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-38385

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-38385

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2024-09-03
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	N/A	N/A	RedHat-CVE-2024-38385	2024-06-25
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2024-38385

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2024-38385

https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21

genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba

genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8

genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2024-38385

Products affected by CVE-2024-38385

Exploit prediction scoring system (EPSS) score for CVE-2024-38385

CVSS scores for CVE-2024-38385

CWE ids for CVE-2024-38385

References for CVE-2024-38385