Use-after-free Vulnerability in Linux Kernel Affecting Multiple Devices
CVE-2024-56764

CVSS 7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 6 January 2025

Summary

In the Linux kernel's ublk block driver, a use-after-free can occur when adding the disk for a ublk device fails. ublk_abort_requests(), which runs when the io_uring context exits or a request times out, takes a reference to the device's gendisk in order to abort all inflight requests. If add_disk() has failed, the error path has already dropped the last reference to that gendisk, so the abort path grabs a reference on freed memory, which can crash the kernel or corrupt allocator state. The fix detaches the gendisk from the ublk device when add_disk() fails, so a later abort finds no disk attached instead of following a dangling pointer.
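The lifetime bug described above, as an added userland model (not kernel code and not the ublk driver's own source): a refcounted disk object, a start path that publishes the disk pointer before add_disk() and drops the reference on failure, and the abort path that dereferences that pointer later. The function names ending in _model, the run_scenario() helper and the freed flag (set in place of a real free() so the demo can report the use-after-free rather than crash) are assumptions made for the demonstration.

```c
/*
 * Userland model of the ublk gendisk lifetime bug (CVE-2024-56764).
 * Added example for this page, not kernel code: all *_model names,
 * run_scenario() and the 'freed' flag are assumptions for the demo.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct gendisk {
    int refcount;
    int freed;      /* model: set instead of free() so a UAF is reported, not a crash */
    char name[16];
};

struct ublk_device {
    struct gendisk *ub_disk;    /* the pointer the abort path dereferences */
};

static struct gendisk disk_pool[1];   /* backing storage for the single modelled disk */

static struct gendisk *alloc_disk_model(const char *name)
{
    struct gendisk *d = &disk_pool[0];
    memset(d, 0, sizeof(*d));
    d->refcount = 1;
    snprintf(d->name, sizeof(d->name), "%s", name);
    return d;
}

static void put_disk_model(struct gendisk *d)
{
    if (--d->refcount == 0)
        d->freed = 1;       /* real kernel: memory goes back to the allocator */
}

/* add_disk() stand-in: fails on request, otherwise registers the disk. */
static int add_disk_model(struct gendisk *d, int fail)
{
    (void)d;
    return fail ? -EIO : 0;
}

/*
 * Device start. The disk is published through ub->ub_disk before add_disk().
 * On failure the start path drops its reference, destroying the disk.
 * 'detach' selects the fixed behaviour: clear ub->ub_disk first so the
 * dead disk is no longer reachable from the device.
 */
static int ublk_start_dev_model(struct ublk_device *ub, int fail_add, int detach)
{
    struct gendisk *disk = alloc_disk_model("ublkb0");
    int ret;

    ub->ub_disk = disk;
    ret = add_disk_model(disk, fail_add);
    if (ret) {
        if (detach)
            ub->ub_disk = NULL;   /* the fix: detach gendisk from the ublk device */
        put_disk_model(disk);     /* last reference, disk is gone */
        return ret;
    }
    return 0;
}

/*
 * Abort path, run later on uring-context exit or timeout. Returns:
 *   0  no disk attached, nothing to abort
 *   1  live disk found, inflight requests aborted
 *  -1  touched a freed disk (the use-after-free)
 */
static int ublk_abort_requests_model(struct ublk_device *ub)
{
    struct gendisk *disk = ub->ub_disk;

    if (!disk)
        return 0;           /* disk already dead or never attached */
    if (disk->freed)
        return -1;          /* kernel: get_device() on freed memory */
    disk->refcount++;       /* get_device(disk_to_dev(disk)) */
    /* ... abort inflight requests against the disk's queue ... */
    put_disk_model(disk);
    return 1;
}

/* Start a device with the given options, then run the abort path once. */
static int run_scenario(int fail_add, int detach)
{
    struct ublk_device ub;

    memset(&ub, 0, sizeof(ub));
    ublk_start_dev_model(&ub, fail_add, detach);
    return ublk_abort_requests_model(&ub);
}

int main(void)
{
    printf("add_disk fails, no detach (bug): abort path -> %d\n", run_scenario(1, 0));
    printf("add_disk fails, detach (fix):    abort path -> %d\n", run_scenario(1, 1));
    printf("add_disk succeeds:               abort path -> %d\n", run_scenario(0, 1));
    return 0;
}
```

The only difference between the buggy and fixed runs is the single store that clears ub->ub_disk on the error path; everything the abort path does afterwards is unchanged, which is why the real fix is a few lines.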

Affected Version(s)

Linux: from commit bd23f6c2c2d00518e2f27f2d25cef795de9bee56 (introducing change) up to, but not including, fix commit 7d680f2f76a3417fdfc3946da7471e81464f7b41

Linux: from commit bd23f6c2c2d00518e2f27f2d25cef795de9bee56 (introducing change) up to, but not including, fix commit 75cd4005da5492129917a4a4ee45e81660556104

Linux 6.7

The affected code is the ublk driver in drivers/block/ublk_drv.c; a patched tree clears the device's disk pointer on the add_disk() error path.

References

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 6 January 2025: Vulnerability published