PT-2024-3616 · Linux+5 · Linux Kernel+5

Hyunwoo Kim

Published

2024-04-24

Updated

2025-02-03

CVE-2024-27396

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a Use-After-Free vulnerability in the gtp dellink function. This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. The problem arises because call rcu, which is called in the hlist for each entry rcu traversal of gtp dellink, is not part of the RCU read critical section. As a result, the RCU grace period may pass during the traversal, and the key may be freed. To prevent this, it should be changed to hlist for each entry safe.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

AZL-40565

BDU:2024-03933

CVE-2024-27396

DLA-3840-1

DLA-3842-1

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-1647

OESA-2024-1648

OESA-2024-1649

OESA-2024-1650

OESA-2024-1651

OESA-2024-1652

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6896-1

USN-6896-2

USN-6896-3

USN-6896-4

USN-6896-5

USN-6898-1

USN-6898-2

USN-6898-3

USN-6898-4

USN-6917-1

USN-6919-1

USN-6927-1

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

USN-7019-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-3616 · Linux+5 · Linux Kernel+5

CVE-2024-27396

Weakness Enumeration

Related Identifiers

Affected Products

References · 3565