PT-2024-30740 · Linux+5 · Linux Kernel+5
Oliver Neukum · Published 2024-07-31 · Updated 2025-02-05
CVE-2024-43883
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the fix
Description
A vulnerability in the Linux kernel's usb: vhci-hcd driver has been resolved. The driver carries stale pointers to references that can still be used, which can lead to potential security risks. Kernel versions prior to the fix are affected; versions that include the fixing commit are remediated.
Recommendations
Update to a version of the Linux kernel that includes the fix for this vulnerability to ensure security.
As a temporary workaround, consider disabling the vulnerable usb: vhci-hcd driver until a patch is available.
Exploit
Fix
Use After Free
RCE
Related Identifiers
Affected Products
Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu