Updated: 2024-12-10 02:23:31.449667
Description:
In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermate_device struct. When an asynchronous control message completes after the kfree and its callback is invoked, the lock does not exist anymore and hence the bug. Use usb_kill_urb() on pm->config to cancel any in-progress requests upon device disconnection. [1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 7.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1738671431 | 2025-02-05 02:21:49 | |
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1738670922 | 2025-02-05 02:21:56 | |
CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | In Rollout | CLSA-2025:1739292069 | 2025-02-12 06:38:21 | |
CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | In Testing | CLSA-2025:1736778412 | 2025-02-01 23:55:06 | |
CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | In Testing | CLSA-2025:1736778632 | 2025-02-11 00:36:52 | |
CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Ignored | 2025-01-10 22:42:39 | ||
Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | CLSA-2025:1739352814 | 2025-02-13 01:25:14 | |
Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Released | CLSA-2025:1736444557 | 2025-02-07 06:40:09 | |
Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | Released | CLSA-2025:1736470237 | 2025-02-07 06:40:08 | |
Ubuntu 18.04 ELS | linux | 4.15.0 | 7.8 | HIGH | Released | CLSA-2025:1736469006 | 2025-02-07 06:40:09 |