misc: fastrpc: Fix double free of 'buf' in error path
CVE-2024-46741

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 September 2024

What is CVE-2024-46741?

In the Linux kernel, a notable memory management issue exists within the Fastrpc driver, specifically related to the fastrpc_req_mmap function. This vulnerability stems from a design flaw where the fastrpc buffer can be improperly freed more than once, leading to a double free condition. In scenarios where the unmap operation is successful, the buffer is freed within the fastrpc_req_munmap_impl function. However, a subsequent unconditional call to fastrpc_buf_free() can trigger another deallocation attempt on the same buffer, resulting in a double free error. Such vulnerabilities can be exploited to corrupt memory, potentially leading to system instability or unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 72fa6f7820c4cf96c5f7aabc4e54bdf52d1e2ac2

References

https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d9...

https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5...

https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f744...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2024
Vulnerability Reserved
Sep 11, 2024

JSON

Linux

What is CVE-2024-46741?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.