PT-2024-10539 · Linux+6 · Linux Kernel+6

Hyunwoo Kim

+2

·

Published

2024-07-08

·

Updated

2025-09-29

·

CVE-2024-41010

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a use after free (UAF) vulnerability in the Linux kernel. It occurs when an active old-style ingress or clsact qdisc with a shared tc block is later replaced by another ingress or clsact instance, causing the tcx entry to be released too early. The sequence to trigger the UAF involves creating a network namespace, allocating a tcx entry, and then replacing the qdisc, which frees the previously linked tcx entry. Later, when the network namespace is closed, it accesses the already freed tcx entry, leading to the UAF. The correct fix is to turn the miniq active boolean into a counter, ensuring the tcx entry is freed at the correct time.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-10855
ALT-PU-2024-13979
AZL-43393
BDU:2025-01090
CVE-2024-41010
INFSA-2025_6966
OESA-2024-1960
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu