vulnerability
Ubuntu: (Multiple Advisories) (CVE-2024-27043): Linux kernel vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | 05/01/2024 | 07/01/2024 | 01/30/2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
media: edia: dvbdev: fix a use-after-free
In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed
in several error-handling paths. However, *pdvbdev is not set to NULL
after dvbdev's deallocation, causing use-after-frees in many places,
for example, in the following call chain:
budget_register
|-> dvb_dmxdev_init
|-> dvb_register_device
|-> dvb_dmxdev_release
|-> dvb_unregister_device
|-> dvb_remove_device
|-> dvb_device_put
|-> kref_put
When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in
dvb_register_device) could point to memory that had been freed in
dvb_register_device. Thereafter, this pointer is transferred to
kref_put and triggering a use-after-free.
Solution(s)
References
- CVE-2024-27043
- https://attackerkb.com/topics/CVE-2024-27043
- UBUNTU-USN-6816-1
- UBUNTU-USN-6817-1
- UBUNTU-USN-6817-2
- UBUNTU-USN-6817-3
- UBUNTU-USN-6820-1
- UBUNTU-USN-6820-2
- UBUNTU-USN-6821-1
- UBUNTU-USN-6821-2
- UBUNTU-USN-6821-3
- UBUNTU-USN-6821-4
- UBUNTU-USN-6828-1
- UBUNTU-USN-6871-1
- UBUNTU-USN-6878-1
- UBUNTU-USN-6892-1
- UBUNTU-USN-6896-1
- UBUNTU-USN-6896-2
- UBUNTU-USN-6896-3
- UBUNTU-USN-6896-4
- UBUNTU-USN-6896-5
- UBUNTU-USN-6919-1

Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.