Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2024-41057 | First vendor Publication | 2024-07-29 |
| Vendor | Cve | Last vendor Modification | 2025-05-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7 | ||
| Base Score | 7 | Environmental Score | 7 |
| impact SubScore | 5.9 | Temporal Score | 7 |
| Exploitabality Sub Score | 1 | ||
| Attack Vector | Local | Attack Complexity | High |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in cachefiles_withdraw_cookie+0x4d9/0x600 Read of size 8 at addr ffff888118efc000 by task kworker/u78:0/109 CPU: 13 PID: 109 Comm: kworker/u78:0 Not tainted 6.8.0-dirty #566 Call Trace: Allocated by task 117: Freed by task 120301: Following is the process that triggers the issue: p1 | p2 ------------------------------------------------------------ After setting FSCACHE_CACHE_IS_WITHDRAWN, wait for all the cookie lookups to complete first, and then wait for fscache_cache->object_count == 0 to avoid the cookie exiting after the volume has been freed and triggering the above issue. Therefore call fscache_withdraw_volume() before calling cachefiles_withdraw_objects(). This way, after setting FSCACHE_CACHE_IS_WITHDRAWN, only the following two cases will occur: 1) fscache_begin_lookup fails in fscache_begin_volume_access(). 2) fscache_withdraw_volume() will ensure that fscache_count_object() has |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41057 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-416 | Use After Free |
CPE : Common Platform Enumeration
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2025-07-15 02:35:37 |
|
| 2025-07-14 12:33:55 |
|
| 2025-06-26 02:32:59 |
|
| 2025-06-25 12:32:11 |
|
| 2025-06-24 02:37:39 |
|
| 2025-05-27 02:42:04 |
|
| 2025-05-26 21:21:20 |
|
| 2025-03-29 03:38:23 |
|
| 2025-03-28 13:43:33 |
|
| 2025-03-28 03:16:56 |
|
| 2025-03-19 03:12:20 |
|
| 2025-03-18 03:25:14 |
|
| 2025-03-14 03:12:34 |
|
| 2025-03-06 14:09:04 |
|
| 2025-02-22 03:22:32 |
|
| 2025-01-08 03:03:46 |
|
| 2025-01-07 03:03:19 |
|
| 2024-12-25 03:01:57 |
|
| 2024-12-12 03:04:54 |
|
| 2024-11-25 09:23:27 |
|
| 2024-11-22 21:22:41 |
|
| 2024-11-21 21:22:13 |
|
| 2024-11-20 02:58:32 |
|
| 2024-11-14 02:58:51 |
|
| 2024-11-09 02:58:51 |
|
| 2024-10-26 02:56:15 |
|
| 2024-10-25 02:58:10 |
|
| 2024-10-23 02:57:23 |
|
| 2024-10-03 02:52:42 |
|
| 2024-10-02 02:51:06 |
|
| 2024-09-15 02:48:52 |
|
| 2024-09-12 02:48:25 |
|
| 2024-09-07 02:47:24 |
|
| 2024-09-06 02:46:34 |
|
| 2024-09-04 02:49:47 |
|
| 2024-08-22 17:27:50 |
|
| 2024-07-29 21:27:27 |
|
