CVE-2024-27043: media: edia: dvbdev: fix a use-after-free

First published: Wed May 01 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
redhat/kernel	<4.19.311	4.19.311
redhat/kernel	<5.4.273	5.4.273
redhat/kernel	<5.10.214	5.10.214
redhat/kernel	<5.15.153	5.15.153
redhat/kernel	<6.1.83	6.1.83
redhat/kernel	<6.6.23	6.6.23
redhat/kernel	<6.7.11	6.7.11
redhat/kernel	<6.8.2	6.8.2
redhat/kernel	<6.9	6.9
	>=2.6.21<4.19.311
	>=4.20<5.4.273
	>=5.5<5.10.214
	>=5.11<5.15.153
	>=5.16<6.1.83
	>=6.2<6.6.23
	>=6.7<6.7.11
	>=6.8<6.8.2
debian/linux		5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1
Linux Linux kernel	>=2.6.21<4.19.311
Linux Linux kernel	>=4.20<5.4.273
Linux Linux kernel	>=5.5<5.10.214
Linux Linux kernel	>=5.11<5.15.153
Linux Linux kernel	>=5.16<6.1.83
Linux Linux kernel	>=6.2<6.6.23
Linux Linux kernel	>=6.7<6.7.11
Linux Linux kernel	>=6.8<6.8.2

CVE-2024-27043: media: edia: dvbdev: fix a use-after-free

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact