Executive Summary

Informations
Name CVE-2024-26892 First vendor Publication 2024-04-17
Vendor Cve Last vendor Modification 2025-01-14

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 7.8
Base Score 7.8 Environmental Score 7.8
impact SubScore 5.9 Temporal Score 7.8
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7921e: fix use-after-free in free_irq()

From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For this case, let's apply MT76_REMOVED flag to indicate the device was removed and do not run into the resource access anymore.

BUG: KASAN: use-after-free in mt7921_irq_handler+0xd8/0x100 [mt7921e] Read of size 8 at addr ffff88824a7d3b78 by task rmmod/11115 CPU: 28 PID: 11115 Comm: rmmod Tainted: G W L 5.17.0 #10 Hardware name: Micro-Star International Co., Ltd. MS-7D73/MPG B650I EDGE WIFI (MS-7D73), BIOS 1.81 01/05/2024 Call Trace:

dump_stack_lvl+0x6f/0xa0
print_address_description.constprop.0+0x1f/0x190
? mt7921_irq_handler+0xd8/0x100 [mt7921e]
? mt7921_irq_handler+0xd8/0x100 [mt7921e]
kasan_report.cold+0x7f/0x11b
? mt7921_irq_handler+0xd8/0x100 [mt7921e]
mt7921_irq_handler+0xd8/0x100 [mt7921e]
free_irq+0x627/0xaa0
devm_free_irq+0x94/0xd0
? devm_request_any_context_irq+0x160/0x160
? kobject_put+0x18d/0x4a0
mt7921_pci_remove+0x153/0x190 [mt7921e]
pci_device_remove+0xa2/0x1d0
__device_release_driver+0x346/0x6e0
driver_detach+0x1ef/0x2c0
bus_remove_driver+0xe7/0x2d0
? __check_object_size+0x57/0x310
pci_unregister_driver+0x26/0x250
__do_sys_delete_module+0x307/0x510
? free_module+0x6a0/0x6a0
? fpregs_assert_state_consistent+0x4b/0xb0
? rcu_read_lock_sched_held+0x10/0x70
? syscall_enter_from_user_mode+0x20/0x70
? trace_hardirqs_on+0x1c/0x130
do_syscall_64+0x5c/0x80
? trace_hardirqs_on_prepare+0x72/0x160
? do_syscall_64+0x68/0x80
? trace_hardirqs_on_prepare+0x72/0x160
entry_SYSCALL_64_after_hwframe+0x44/0xae

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26892

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-416 Use After Free

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3659

Sources (Detail)

https://git.kernel.org/stable/c/bfe1adf1606f76c180324e53b130f0e76d5cc6c3
https://git.kernel.org/stable/c/bfeaef901194c5923ce3330272786eff2fac513a
https://git.kernel.org/stable/c/c7dd42fbebcfb02bef070fd48f774d6412d0b49d
https://git.kernel.org/stable/c/c957280ef6ab6bdf559a91ae693a6b34310697e3
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Date Informations
2025-06-26 02:29:54
  • Multiple Updates
2025-06-25 12:30:04
  • Multiple Updates
2025-06-24 02:34:23
  • Multiple Updates
2025-05-27 02:36:34
  • Multiple Updates
2025-03-29 03:35:33
  • Multiple Updates
2025-03-28 13:41:36
  • Multiple Updates
2025-03-28 03:14:36
  • Multiple Updates
2025-03-19 03:10:09
  • Multiple Updates
2025-03-18 03:22:50
  • Multiple Updates
2025-03-14 03:10:25
  • Multiple Updates
2025-03-06 14:06:39
  • Multiple Updates
2025-02-22 03:20:16
  • Multiple Updates
2025-01-14 17:21:11
  • Multiple Updates
2024-11-25 09:26:04
  • Multiple Updates
2024-04-17 17:28:32
  • First insertion