Use After Free Affecting kernel-preempt package, versions <5.3.18-150300.59.182.1
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-SLES153-KERNELPREEMPT-8448267
- published3 Dec 2024
- disclosed2 Dec 2024
Introduced: 2 Dec 2024
NewCVE-2024-46849 (opens in a new tab)How to fix?
Upgrade SLES:15.3 kernel-preempt to version 5.3.18-150300.59.182.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-preempt package and not the kernel-preempt package as distributed by SLES.
See How to fix? for SLES:15.3 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
ASoC: meson: axg-card: fix 'use-after-free'
Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated.
Kasan bug report:
================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356
CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 driver_register+0xa8/0x1e8 __platform_driver_register+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] do_one_initcall+0xdc/0x25c do_init_module+0x10c/0x334 load_module+0x24c4/0x26cc init_module_from_file+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invoke_syscall+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c do_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194
References
- https://www.suse.com/security/cve/CVE-2024-46849.html
- https://bugzilla.suse.com/1231073
- https://bugzilla.suse.com/1231256
- https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86
- https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607
- https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037
- https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29
- https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d
- https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a
- https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22