Executive Summary

Informations
Name CVE-2024-44997 First vendor Publication 2024-09-04
Vendor Cve Last vendor Modification 2024-09-06

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 7.8
Base Score 7.8 Environmental Score 7.8
impact SubScore 5.9 Temporal Score 7.8
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()

When there are multiple ap interfaces on one band and with WED on, turning the interface down will cause a kernel panic on MT798X.

Previously, cb_priv was freed in mtk_wed_setup_tc_block() without marking NULL,and mtk_wed_setup_tc_block_cb() didn't check the value, too.

Assign NULL after free cb_priv in mtk_wed_setup_tc_block() and check NULL in mtk_wed_setup_tc_block_cb().

---------- Unable to handle kernel paging request at virtual address 0072460bca32b4f5 Call trace:
mtk_wed_setup_tc_block_cb+0x4/0x38
0xffffffc0794084bc
tcf_block_playback_offloads+0x70/0x1e8
tcf_block_unbind+0x6c/0xc8 ... ---------

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44997

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-416 Use After Free

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3602

Sources (Detail)

https://git.kernel.org/stable/c/326a89321f9d5fe399fe6f9ff7c0fc766582a6a0
https://git.kernel.org/stable/c/b453a4bbda03aa8741279c360ac82d1c3ac33548
https://git.kernel.org/stable/c/db1b4bedb9b97c6d34b03d03815147c04fffe8b4
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2024-10-03 02:53:33
  • Multiple Updates
2024-10-02 02:51:58
  • Multiple Updates
2024-09-14 21:29:51
  • Multiple Updates
2024-09-12 00:27:29
  • Multiple Updates
2024-09-06 21:27:33
  • Multiple Updates
2024-09-05 17:27:24
  • Multiple Updates
2024-09-05 00:27:25
  • First insertion