PT-2024-31310 · Linux+2 · Linux Kernel+2

Michal Kubiak

Published

2024-08-26

Updated

2026-04-20

CVE-2024-44932

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the idpf component in the Linux kernel, where a use-after-free (UAF) vulnerability occurs when destroying queues. This happens because interrupt vectors with embedded NAPIs are freed before the queues, leading to page pools' NAPI pointers pointing to freed memory. The allocation and freeing logic has been inverted to allocate queue/interrupt vectors first and free them last, which is safe since vectors do not require queues to be present. This change also removes the unnecessary queue->q vector pointer cleanup.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

CVE-2024-44932

INFSA-2025_6966

OPENSUSE-SU-2024_3984-1

OPENSUSE-SU-2024_3986-1

OPENSUSE-SU-2024_4315-1

OPENSUSE-SU-2024_4346-1

OPENSUSE-SU-2024_4376-1

RHSA-2025:6966

RHSA-2025_6966

SUSE-SU-2024:3984-1

SUSE-SU-2024:3986-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4345-1

SUSE-SU-2024:4346-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4376-1

SUSE-SU-2024:4387-1

SUSE-SU-2025:20163-1

SUSE-SU-2025:20164-1

SUSE-SU-2025:20246-1

SUSE-SU-2025:20247-1

Affected Products

Linux Kernel

Red Hat

Suse

PT-2024-31310 · Linux+2 · Linux Kernel+2

CVE-2024-44932

Weakness Enumeration

Related Identifiers

Affected Products

References · 1393