CVE-2024-49852

HIGH EPSS 11.1%
Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() The kref_put() function will call nport->release if the refcount drops to zero. The nport->release release function is _efc_nport_free() which frees "nport". But then we dereference "nport" on the next line which is a use after free. Re-order these lines to avoid the use after free.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
11.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥5.14  –  <5.15.168
linuxlinux_kernel*≥5.16  –  <6.1.113
linuxlinux_kernel*≥6.2  –  <6.6.54
linuxlinux_kernel*≥6.7  –  <6.10.13
linuxlinux_kernel*≥6.11  –  <6.11.2

References 7

  • git.kernel.org https://git.kernel.org/stable/c/16a570f07d870a285b0c0b0d1ca4dff79e8aa5ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e4b02fad094976763af08fec2c620f4f8edd9ae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7c2908985e4ae0ea1b526b3916de9e5351650908
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/98752fcd076a8cbc978016eae7125b4971be1eec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/abc71e89170ed32ecf0a5a29f31aa711e143e941
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/baeb8628ab7f4577740f00e439d3fdf7c876b0ff
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/16a570f07d870a285b0c0b0d1ca4dff79e8aa5ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e4b02fad094976763af08fec2c620f4f8edd9ae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7c2908985e4ae0ea1b526b3916de9e5351650908
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/98752fcd076a8cbc978016eae7125b4971be1eec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/abc71e89170ed32ecf0a5a29f31aa711e143e941
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/baeb8628ab7f4577740f00e439d3fdf7c876b0ff
    Patch