CVE-2024-27043

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27043
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27043.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-27043
Downstream
Related
Published
2024-05-01T13:15:49Z
Modified
2025-08-09T19:01:26Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

media: edia: dvbdev: fix a use-after-free

In dvbregisterdevice, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain:

budgetregister |-> dvbdmxdevinit |-> dvbregisterdevice |-> dvbdmxdevrelease |-> dvbunregisterdevice |-> dvbremovedevice |-> dvbdeviceput |-> krefput

When calling dvbunregisterdevice, dmxdev->dvbdev (i.e. *pdvbdev in dvbregisterdevice) could point to memory that had been freed in dvbregisterdevice. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free.

References

Affected packages