Use After Free Affecting kernel-modules-internal package, versions *


Severity

Recommended
0.0
medium
0
10

Based on CentOS security rating.

Threat Intelligence

EPSS
0.22% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS8-KERNELMODULESINTERNAL-8804142
  • published28 Feb 2025
  • disclosed11 Jan 2025

Introduced: 11 Jan 2025

CVE-2024-57798  (opens in a new tab)
CWE-416  (opens in a new tab)

How to fix?

There is no fixed version for Centos:8 kernel-modules-internal.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-modules-internal package and not the kernel-modules-internal package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()

While receiving an MST up request message from one thread in drm_dp_mst_handle_up_req(), the MST topology could be removed from another thread via drm_dp_mst_topology_mgr_set_mst(false), freeing mst_primary and setting drm_dp_mst_topology_mgr::mst_primary to NULL. This could lead to a NULL deref/use-after-free of mst_primary in drm_dp_mst_handle_up_req().

Avoid the above by holding a reference for mst_primary in drm_dp_mst_handle_up_req() while it's used.

v2: Fix kfreeing the request if getting an mst_primary reference fails.

CVSS Base Scores

version 3.1