PT-2024-29164 · Linux+5 · Linux Kernel+5

Guo Zihua

·

Published

2024-05-07

·

Updated

2025-02-03

·

CVE-2024-40947

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved, which could cause a panic in the ima match policy function due to a kernel NULL pointer dereference. The issue arises from a call to ima lsm copy rule within a RCU read-side critical section, containing kmalloc with GFP KERNEL, which implies a possible sleep and violates the limitations of RCU read-side critical sections on non-PREEMPT systems. This could lead to synchronize rcu returning early, breaking RCU protection and allowing a Use-After-Free (UAF) to occur. The root cause involves a race condition between two threads, where one thread frees an entry while the other thread tries to access it, potentially causing a panic.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-476

Related Identifiers

BDU:2025-03432
CVE-2024-40947
DLA-4008-1
DSA-5731-1
DSA-5747-1
MGASA-2024-0277
MGASA-2024-0278
OESA-2024-1941
OESA-2024-1942
OESA-2024-1944
SUSE-SU-2024:2802-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7008-1
USN-7029-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu