PT-2024-6714 · Linux+9 · Linux Kernel+9

Mostafa Saleh

Published

2024-06-24

Updated

2025-09-29

CVE-2024-41096

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a use-after-free vulnerability in the msi capability init function. This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs due to a failure in the msi domain alloc locked function, which leads to the descriptor being freed and then accessed in the error exit path of pci msi setup msi irqs in msi capability init. The solution involves copying the descriptor and using the copy for the error exit path unmask operation.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:6567

ALSA-2025_16880

ALT-PU-2024-13979

ALT-PU-2024-14046

AZL-47555

BDU:2024-07927

CVE-2024-41096

DLA-4008-1

DSA-5782-1

INFSA-2024_6567

OESA-2024-1960

RHSA-2024:6567

RHSA-2024_6567

RLSA-2024:6567

RXSA-2024:6567

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-6714 · Linux+9 · Linux Kernel+9

CVE-2024-41096

Weakness Enumeration

Related Identifiers

Affected Products

References · 1725