Use-After-Free Vulnerability in Linux Kernel Media Drivers
CVE-2024-23848

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux Kernel
Vendor: CVE Published:; 23 January 2024

What is CVE-2024-23848?

A vulnerability exists in the Linux kernel affecting versions up to 6.7.1 where a use-after-free condition in the media drivers can be exploited. This issue is found in the cec_queue_msg_fh function within drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. An attacker could exploit this vulnerability to potentially execute arbitrary code or disrupt normal operations.

References

https://lore.kernel.org/lkml/e9f42704-2f99-4f2c-ade5-f952...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Jan 23, 2024