Use-After-Free Vulnerability in Linux Kernel Affecting Multiple Drivers
CVE-2024-57798
Summary
A vulnerability in the Linux kernel arises when handling MST (Multi-Stream Transport) requests, specifically within the drm_dp_mst_handle_up_req() function. This issue occurs due to improper management of pointers, where the mst_primary pointer may be freed in one thread while being accessed in another, leading to potential NULL dereference or use-after-free scenarios. The vulnerability has been mitigated by ensuring that a reference to mst_primary is held while it is being utilized, thereby preventing accidental dereferencing of freed memory. It is crucial for system administrators to update to patched versions of the kernel to safeguard against this type of vulnerability.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9735d40f5fde9970aa46e828ecc85c32571d58a2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
References
Timeline
Vulnerability published
Vulnerability Reserved