Linux · Linux Kernel · CVE-2024-38385
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue is related to a use-after-free vulnerability in the `irq find at or after()` function. This function dereferences an interrupt descriptor returned by `mt find()` without holding the necessary locks, allowing the descriptor to be freed between `mt find()` and the dereference. The vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. The use-after-free is reported by KASAN, with a call trace involving `irq get next irq()`, `show stat()`, `seq read iter()`, `proc reg read iter()`, and `vfs read()`. The vulnerability is caused by the lack of a RCU read lock section when accessing the interrupt descriptor.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.