PT-2024-6861 · Linux+6 · Linux Kernel+6
George Kennedy
·
Published
2024-09-03
·
Updated
2025-09-29
·
CVE-2024-46738
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a use-after-free vulnerability in the
vmci resource remove() function. When removing a resource from vmci resource table, the search is performed using the resource handle by comparing context and resource fields. However, it is possible to create two resources with different types but the same handle, leading to a situation where the intended resource may not be removed, but the object will still be freed. This results in vmci resource table holding a pointer to the freed resource, causing a use-after-free vulnerability. The vulnerability can be exploited by creating two resources with different types but the same handle and then removing one of them.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu