vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-44934): Linux kernel vulnerabilities

Try Surface Command
Back to search
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Aug 26, 2024
Added
Nov 12, 2024
Modified
Aug 18, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: mcast: wait for previous gc cycles when removing port

syzbot hit a use-after-free[1] which is caused because the bridge doesn't
make sure that all previous garbage has been collected when removing a
port. What happens is:
CPU 1 CPU 2
start gc cycle remove port
acquire gc lock first
wait for lock
call br_multicasg_gc() directly
acquire lock now but free port
the port can be freed
while grp timers still
running

Make sure all previous gc cycles have finished by using flush_work before
freeing the port.

[1]
BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861
Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699

CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc3/0x620 mm/kasan/report.c:488
kasan_report+0xd9/0x110 mm/kasan/report.c:601
br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861
call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792
expire_timers kernel/time/timer.c:1843 [inline]
__run_timers+0x74b/0xaf0 kernel/time/timer.c:2417
__run_timer_base kernel/time/timer.c:2428 [inline]
__run_timer_base kernel/time/timer.c:2421 [inline]
run_timer_base+0x111/0x190 kernel/time/timer.c:2437

Solutions

ubuntu-upgrade-linux-image-5-15-0-1038-xilinx-zynqmpubuntu-upgrade-linux-image-5-15-0-1055-gkeopubuntu-upgrade-linux-image-5-15-0-1065-ibmubuntu-upgrade-linux-image-5-15-0-1065-raspiubuntu-upgrade-linux-image-5-15-0-1067-intel-iotgubuntu-upgrade-linux-image-5-15-0-1067-nvidiaubuntu-upgrade-linux-image-5-15-0-1067-nvidia-lowlatencyubuntu-upgrade-linux-image-5-15-0-1069-gkeubuntu-upgrade-linux-image-5-15-0-1069-kvmubuntu-upgrade-linux-image-5-15-0-1070-oracleubuntu-upgrade-linux-image-5-15-0-1071-gcpubuntu-upgrade-linux-image-5-15-0-1072-awsubuntu-upgrade-linux-image-5-15-0-1075-azureubuntu-upgrade-linux-image-5-15-0-1078-azureubuntu-upgrade-linux-image-5-15-0-125-genericubuntu-upgrade-linux-image-5-15-0-125-generic-64kubuntu-upgrade-linux-image-5-15-0-125-generic-lpaeubuntu-upgrade-linux-image-5-15-0-125-lowlatencyubuntu-upgrade-linux-image-5-15-0-125-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1002-gkeopubuntu-upgrade-linux-image-6-8-0-1015-gkeubuntu-upgrade-linux-image-6-8-0-1016-raspiubuntu-upgrade-linux-image-6-8-0-1017-ibmubuntu-upgrade-linux-image-6-8-0-1017-oracleubuntu-upgrade-linux-image-6-8-0-1017-oracle-64kubuntu-upgrade-linux-image-6-8-0-1018-oemubuntu-upgrade-linux-image-6-8-0-1019-gcpubuntu-upgrade-linux-image-6-8-0-1019-nvidiaubuntu-upgrade-linux-image-6-8-0-1019-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1020-awsubuntu-upgrade-linux-image-6-8-0-1020-azureubuntu-upgrade-linux-image-6-8-0-1020-azure-fdeubuntu-upgrade-linux-image-6-8-0-50-genericubuntu-upgrade-linux-image-6-8-0-50-generic-64kubuntu-upgrade-linux-image-6-8-0-50-lowlatencyubuntu-upgrade-linux-image-6-8-0-50-lowlatency-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-lts-22-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-cvmubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-azure-lts-22-04ubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-lts-22-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-20-04ubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-20-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-hwe-20-04ubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-5-15ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-5-15ubuntu-upgrade-linux-image-gkeop-6-8ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-intelubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-24-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04ubuntu-upgrade-linux-image-nvidia-hwe-22-04ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-oem-20-04ubuntu-upgrade-linux-image-oem-20-04bubuntu-upgrade-linux-image-oem-20-04cubuntu-upgrade-linux-image-oem-20-04dubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-lts-22-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-20-04ubuntu-upgrade-linux-image-virtual-hwe-22-04ubuntu-upgrade-linux-image-virtual-hwe-24-04ubuntu-upgrade-linux-image-xilinx-zynqmp

References

    Title
    NEW

    Explore Exposure Command

    Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

    Try it today