PT-2024-5412 · Linux+5 · Linux Kernel+5

Roberto Sassu

·

Published

2024-04-22

·

Updated

2025-09-29

·

CVE-2024-39292

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a race condition in the Linux kernel, specifically in the register winch irq() function. This function is part of the User-Mode Linux (UML) subsystem. The race condition occurs when an interrupt may happen before the winch is added to the winch handlers list, leading to a situation where a winch that is scheduled to be freed or has already been freed is added to the list, causing a panic later in winch cleanup(). The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-10855
ALT-PU-2024-11524
ALT-PU-2024-13979
ALT-PU-2024-14046
ALT-PU-2024-17597
ALT-PU-2024-9459
ALT-PU-2024-9615
ALT-PU-2024-9621
AZL-42889
AZL-42937
BDU:2024-06056
CVE-2024-39292
DLA-3840-1
DSA-5730-1
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1792
OESA-2024-1793
OESA-2024-1796
OESA-2024-2258
OESA-2025-1078
USN-6951-1
USN-6951-2
USN-6951-3
USN-6951-4
USN-6953-1
USN-6972-1
USN-6972-2
USN-6972-3
USN-6972-4
USN-6974-1
USN-6974-2
USN-6975-1
USN-6976-1
USN-6979-1
USN-7008-1
USN-7019-1
USN-7029-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu