CVE-2024-42285

HIGH EPSS 15.4%
Published Aug 17, 20241y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Aug 17, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct rdma_id_private after all pending work has finished.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
15.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥4.8  –  <4.19.320
linuxlinux_kernel*≥4.20  –  <5.4.282
linuxlinux_kernel*≥5.5  –  <5.10.224
linuxlinux_kernel*≥5.11  –  <5.15.165
linuxlinux_kernel*≥5.16  –  <6.1.103
linuxlinux_kernel*≥6.2  –  <6.6.44
linuxlinux_kernel*≥6.7  –  <6.10.3

References 10

  • git.kernel.org https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a
    Patch