CVE-2024-50059

Updated: 2024-11-08 21:21:48.907609

Description:

In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition In the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev function, then &sndev->check_link_status_work is bound with check_link_status_work. switchtec_ntb_link_notification may be called to start the work. If we remove the module which will call switchtec_ntb_remove to make cleanup, it will free sndev through kfree(sndev), while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | check_link_status_work switchtec_ntb_remove | kfree(sndev); | | if (sndev->link_force_down) | // use sndev Fix it by ensuring that the work is canceled before proceeding with the cleanup in switchtec_ntb_remove.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 7.0 HIGH Not Vulnerable 2024-11-07 11:59:42
AlmaLinux 9.2 FIPS kernel 5.14.0 7.0 HIGH Not Vulnerable 2024-11-07 11:59:42
CentOS 6 ELS kernel 2.6.32 7.0 HIGH Not Vulnerable 2024-11-07 11:59:42
CentOS 7 ELS kernel 3.10.0 7.0 HIGH Not Vulnerable 2024-11-07 11:59:39
CentOS 8.4 ELS kernel 4.18.0 7.0 HIGH Not Vulnerable 2024-11-07 11:59:40
CentOS 8.5 ELS kernel 4.18.0 7.0 HIGH Not Vulnerable 2024-11-07 11:59:42
CentOS Stream 8 ELS kernel 4.18.0 7.0 HIGH Not Vulnerable 2024-11-07 02:47:21
CloudLinux 6 ELS kernel 2.6.32 7.0 HIGH Not Vulnerable 2024-11-07 11:59:42
CloudLinux 7 ELS kernel 3.10.0 7.0 HIGH Not Vulnerable 2024-11-07 11:59:39
Oracle Linux 6 ELS kernel 2.6.32 7.0 HIGH Not Vulnerable 2024-11-07 11:59:39
Total: 14