CVE-2024-26619

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-26619
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix module loading free order Reverse order of kfree calls to resolve use-after-free error.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/2fa79badf4bfeffda6b5032cf62b828486ec9a99 Patch
https://git.kernel.org/stable/c/78996eee79ebdfe8b6f0e54cb6dcc792d5129291 Patch
https://git.kernel.org/stable/c/2fa79badf4bfeffda6b5032cf62b828486ec9a99 Patch
https://git.kernel.org/stable/c/78996eee79ebdfe8b6f0e54cb6dcc792d5129291 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

12 Dec 2024, 15:19

Type Values Removed Values Added
First Time Linux linux Kernel
Linux
References () https://git.kernel.org/stable/c/2fa79badf4bfeffda6b5032cf62b828486ec9a99 - () https://git.kernel.org/stable/c/2fa79badf4bfeffda6b5032cf62b828486ec9a99 - Patch
References () https://git.kernel.org/stable/c/78996eee79ebdfe8b6f0e54cb6dcc792d5129291 - () https://git.kernel.org/stable/c/78996eee79ebdfe8b6f0e54cb6dcc792d5129291 - Patch
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CWE CWE-416
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

21 Nov 2024, 09:02

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/2fa79badf4bfeffda6b5032cf62b828486ec9a99 - () https://git.kernel.org/stable/c/2fa79badf4bfeffda6b5032cf62b828486ec9a99 -
References () https://git.kernel.org/stable/c/78996eee79ebdfe8b6f0e54cb6dcc792d5129291 - () https://git.kernel.org/stable/c/78996eee79ebdfe8b6f0e54cb6dcc792d5129291 -

12 Mar 2024, 12:40

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: corrige el orden libre de carga del módulo. Orden inverso de las llamadas kfree para resolver el error de use-after-free.

11 Mar 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-11 18:15

Updated : 2024-12-12 15:19

NVD link : CVE-2024-26619

Mitre link : CVE-2024-26619

CVE.ORG link : CVE-2024-26619

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-416

Use After Free