PT-2024-1006 · Linux+5 · Linux Kernel+5

Carlos Llamas

·

Published

2024-09-03

·

Updated

2025-09-29

·

CVE-2024-46740

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.52
Description The issue is related to a use-after-free vulnerability in the Linux kernel's binder functionality. During transactions, binder objects are processed and copied into a target buffer. However, the copy operation lacks an out-of-bounds check, allowing raw data to overwrite the offsets section if it exceeds the data section size. This corruption triggers an error that attempts to unwind the processed objects, but with corrupted offsets, leading to premature release of arbitrary nodes and a dangling pointer, resulting in a use-after-free condition.
Recommendations To resolve this issue, update the Linux kernel to version 6.6.52 or later. As a temporary workaround, consider restricting access to the binder functionality until a patch is applied.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-12535
ALT-PU-2024-12537
ALT-PU-2024-12541
ALT-PU-2024-12968
ALT-PU-2024-12970
ALT-PU-2024-13121
ALT-PU-2024-13166
ALT-PU-2024-13260
ALT-PU-2024-13979
ALT-PU-2024-14046
ALT-PU-2024-15824
ASB-A-352520660
AZL-49422
BDU:2024-08184
CVE-2024-46740
DLA-3912-1
DLA-4008-1
DSA-5782-1
MGASA-2024-0316
MGASA-2024-0318
OESA-2024-2216
OESA-2024-2217
OESA-2024-2218
OESA-2024-2219
OESA-2024-2220
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7100-1
USN-7100-2
USN-7119-1
USN-7123-1
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu