Use After Free Affecting kernel-syms package, versions <6.4.0-150600.23.25.1
- Snyk ID SNYK-SLES156-KERNELSYMS-8175557
- published 10 Oct 2024
- disclosed 9 Oct 2024
Introduced: 9 Oct 2024
CVE-2024-44997
How to fix?
Upgrade SLES:15.6 kernel-syms to version 6.4.0-150600.23.25.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-syms package and not the kernel-syms package as distributed by SLES. See How to fix? for SLES:15.6 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()
When there are multiple ap interfaces on one band and with WED on, turning the interface down will cause a kernel panic on MT798X.
Previously, cb_priv was freed in mtk_wed_setup_tc_block() without marking NULL, and mtk_wed_setup_tc_block_cb() didn't check the value either.
Assign NULL after freeing cb_priv in mtk_wed_setup_tc_block() and check NULL in mtk_wed_setup_tc_block_cb().
Unable to handle kernel paging request at virtual address 0072460bca32b4f5
Call trace:
  mtk_wed_setup_tc_block_cb+0x4/0x38
  0xffffffc0794084bc
  tcf_block_playback_offloads+0x70/0x1e8
  tcf_block_unbind+0x6c/0xc8
  ...
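The two-part fix described above (clear the pointer after the free, check it in the callback), as an added userspace C model. It is not the mtk_wed driver code or the upstream patch, and every struct and function name in it is a hypothetical stand-in.

```c
#include <errno.h>
#include <stdlib.h>

/* Userspace model of the pattern; every name here is hypothetical. */
struct flow_priv { int can_offload; };   /* stands in for the freed cb_priv */
struct block_cb  { void *cb_priv; };     /* record that outlives the free   */

/* Models the callback: it receives whatever cb_priv currently holds. */
static int setup_block_cb(void *cb_priv)
{
    struct flow_priv *priv = cb_priv;

    if (!priv)                 /* fix, part 2: refuse released state */
        return -EOPNOTSUPP;
    return priv->can_offload ? 0 : -EOPNOTSUPP;
}

static int block_bind(struct block_cb *cb)
{
    struct flow_priv *priv = calloc(1, sizeof(*priv));

    if (!priv)
        return -ENOMEM;
    priv->can_offload = 1;
    cb->cb_priv = priv;
    return 0;
}

static void block_unbind(struct block_cb *cb)
{
    free(cb->cb_priv);
    cb->cb_priv = NULL;        /* fix, part 1: no dangling pointer left */
}

/* Models the replay step seen in the call trace: the callback runs
 * again during unbind, after the private data may already be gone. */
static int playback_offloads(struct block_cb *cb)
{
    return setup_block_cb(cb->cb_priv);
}

int main(void)
{
    struct block_cb cb = { 0 };

    if (block_bind(&cb) || playback_offloads(&cb) != 0)
        return 1;
    block_unbind(&cb);
    /* Without the two marked lines this call would read freed memory. */
    return playback_offloads(&cb) == -EOPNOTSUPP ? 0 : 1;
}
```

Both halves are needed in the model: clearing the pointer alone would turn the replayed call into a NULL dereference, and the check alone cannot tell a freed pointer from a live one.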
References
- https://www.suse.com/security/cve/CVE-2024-44997.html
- https://bugzilla.suse.com/1230232
- https://git.kernel.org/stable/c/326a89321f9d5fe399fe6f9ff7c0fc766582a6a0
- https://git.kernel.org/stable/c/b453a4bbda03aa8741279c360ac82d1c3ac33548
- https://git.kernel.org/stable/c/db1b4bedb9b97c6d34b03d03815147c04fffe8b4