Updated: 2024-12-23 21:45:41.69491
Description:
In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 7.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1738671431 | 2025-02-05 02:21:00 | |
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1738670922 | 2025-02-05 02:21:01 | |
CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | In Rollout | CLSA-2025:1739292069 | 2025-02-12 06:38:09 | |
CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1737468474 | 2025-02-04 02:17:32 | |
CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | In Testing | CLSA-2025:1736778412 | 2025-02-01 23:55:13 | |
CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | In Testing | CLSA-2025:1736778632 | 2025-02-11 00:36:55 | |
CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2025:1738592614 | 2025-02-04 02:18:08 | |
CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Ignored | 2025-01-10 22:41:34 | ||
CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Ignored | 2025-01-10 22:41:33 | ||
Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | CLSA-2025:1739352814 | 2025-02-13 01:25:03 |