PT-2024-3420 · Linux+5 · Linux Kernel+5

David Mosberger-Tan

·

Published

2024-02-15

·

Updated

2025-02-03

·

CVE-2024-26895

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0-rc1+ #117
Description: The vulnerability is related to a use-after-free issue in the wilc netdev cleanup function when cleaning up all interfaces. This can be triggered by removing the module or unbinding the device from the driver, and can cause a denial of service. The issue is due to netdevice unregistration during vif list traversal, which frees the netdevice object and the corresponding vif object. The next occurrence of the loop then tries to access the freed vif pointer, causing the use-after-free.
To fix this issue, two mechanisms are used: navigating the list with list for each entry safe to safely modify the list, and waiting for the RCU grace period end after each vif removal to ensure it is safe to free the corresponding vif.
Recommendations: To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. If updating is not possible, consider disabling the wilc netdev cleanup function or restricting access to the vulnerable module until a patch is available.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-03700
CVE-2024-26895
DLA-3842-1
DSA-5681-1
OESA-2024-1622
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2025:20028-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6878-1
USN-6892-1
USN-6919-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu