CVE-2024-43900

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free vulnerability has been resolved in the Linux kernel. The issue occurs because a module allocates a struct tuner in tuner probe(), and then the module initialization fails, causing the struct tuner to be released. A worker created during module initialization accesses this struct tuner later, resulting in a use-after-free error. The process involves the following steps: tuner probe() allocates a dvb frontend, request firmware nowait() creates a worker, tuner remove() frees the dvb frontend, and load firmware cb() accesses the freed dvb frontend. To fix the issue, the dvd frontend in load firmware cb() should be checked for null, and a warning should be reported if it is null.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.