1. Home
  2. Vulnerabilities
  3. CVE-2024-27043

CVE-2024-27043

EPSS 0.04 % (14th)
0.04% Progress
Advisories 34
NVD Status Awaiting Analysis
Info EPSS References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In the Linux kernel, the following vulnerability has been resolved:

media: edia: dvbdev: fix a use-after-free

In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed
in several error-handling paths. However, *pdvbdev is not set to NULL
after dvbdev's deallocation, causing use-after-frees in many places,
for example, in the following call chain:

budget_register
|-> dvb_dmxdev_init
|-> dvb_register_device
|-> dvb_dmxdev_release
|-> dvb_unregister_device
|-> dvb_remove_device
|-> dvb_device_put
|-> kref_put

When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in
dvb_register_device) could point to memory that had been freed in
dvb_register_device. Thereafter, this pointer is transferred to
kref_put and triggering a use-after-free.

CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
kernel.org
Published Date
2024-05-01 13:15:49
(4 months ago)
Updated Date
2024-06-27 12:15:24
(2 months ago)