NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-50061

Summary	In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call cnds_i3c_master_demux_ibis function to start the work. If we remove the module which will call cdns_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 \| cdns_i3c_master_hj cdns_i3c_master_remove \| i3c_master_unregister(&master->base) \| device_unregister(&master->dev) \| device_release \| //free master->base \| \| i3c_master_do_daa(&master->base) \| //use master->base Fix it by ensuring that the work is canceled before proceeding with the cleanup in cdns_i3c_master_remove.
Publication Date	Oct. 22, 2024, 5:15 a.m.
Registration Date	Oct. 22, 2024, noon
Last Update	Oct. 24, 2024, 12:12 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://git.kernel.org/stable/c/ea0256e393e0072e8c80fd941547807f0c28108b
2	https://git.kernel.org/stable/c/687016d6a1efbfacdd2af913e2108de6b75a28d5
3	https://git.kernel.org/stable/c/609366e7a06d035990df78f1562291c3bf0d4a12

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における解放済みメモリの使用に関する脆弱性

Title	Linux の Linux Kernel における解放済みメモリの使用に関する脆弱性
Summary	Linux の Linux Kernel には、解放済みメモリの使用に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 17, 2024, midnight
Registration Date	Oct. 28, 2024, 3:16 p.m.
Last Update	Oct. 28, 2024, 3:16 p.m.

Affected System

Linux

Linux Kernel 6.6.57 未満

Linux Kernel 6.7 以上 6.11.4 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-50061	https://www.cve.org/CVERecord?id=CVE-2024-50061
National Vulnerability Database (NVD)
2	CVE-2024-50061	https://nvd.nist.gov/vuln/detail/CVE-2024-50061

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-416	https://cwe.mitre.org/data/definitions/416.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (609366e)	https://git.kernel.org/stable/c/609366e7a06d035990df78f1562291c3bf0d4a12
2	i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (687016d)	https://git.kernel.org/stable/c/687016d6a1efbfacdd2af913e2108de6b75a28d5
3	i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (ea0256e)	https://git.kernel.org/stable/c/ea0256e393e0072e8c80fd941547807f0c28108b
Linux Kernel
4	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年10月28日] 掲載	Oct. 28, 2024, 3:16 p.m.