PT-2024-6979 · Linux+3 · Linux Kernel+3

Published

2024-08-12

Updated

2025-09-29

CVE-2024-44997

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free panic in the mtk wed setup tc block cb() function. When there are multiple ap interfaces on one band and with WED on, turning the interface down will cause a kernel panic on MT798X. The problem occurs because cb priv was freed in mtk wed setup tc block() without marking NULL, and mtk wed setup tc block cb() didn't check the value. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880

ALT-PU-2024-11855

ALT-PU-2024-13260

ALT-PU-2024-13979

AZL-48741

BDU:2024-08228

CVE-2024-44997

MGASA-2024-0309

MGASA-2024-0310

OESA-2024-2325

OPENSUSE-SU-2024_3551-1

OPENSUSE-SU-2024_3561-1

OPENSUSE-SU-2024_3564-1

SUSE-SU-2024:3551-1

SUSE-SU-2024:3553-1

SUSE-SU-2024:3561-1

SUSE-SU-2024:3564-1

SUSE-SU-2025:20073-1

SUSE-SU-2025:20077-1

Affected Products

Alt Linux

Linux Kernel

Red Os

Suse

PT-2024-6979 · Linux+3 · Linux Kernel+3

CVE-2024-44997

Weakness Enumeration

Related Identifiers

Affected Products

References · 495