PT-2024-7068 · Linux+6 · Linux Kernel+6

Ilya Dryomov · Published 2024-07-10 · Updated 2025-09-29 · CVE-2024-42232

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a race condition between delayed_work() and ceph_monc_stop() in the Linux kernel, specifically in the libceph module. This race condition can lead to a use-after-free, particularly affecting monc->auth and monc->monmap. The problem arises because __close_session() does not touch the delayed work, to avoid disrupting the hunting interval logic. This omission allows mon_fault() and possibly finish_hunting() to requeue the delayed work after cancel_delayed_work_sync() has run, leading to potential use-after-free issues.

Recommendations

  • Clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop().
  • Bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting).
  • Call cancel_delayed_work_sync() after the session is closed.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
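The ordering problem and the three recommendations above, as an added single-threaded userspace model in C. This is not kernel code and not taken from the advisory or the libceph source: `monc_model`, `work_queued`, `racer_fn`, the `model_*` functions, `stop_unfixed` and `stop_fixed` are hypothetical names, and the `racer` callback stands in for a fault or hunting event arriving during shutdown.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed userspace model, not kernel code; fields named after the advisory. */
struct monc_model {
    int  cur_mon;      /* < 0: session closed */
    bool hunting;
    bool work_queued;  /* stands in for the pending delayed work */
};
typedef void (*racer_fn)(struct monc_model *);

/* Requeue paths: each bails on the flag the advisory names. */
void model_mon_fault(struct monc_model *m) {
    if (m->cur_mon < 0) return;
    m->hunting = true;
    m->work_queued = true;
}
void model_finish_hunting(struct monc_model *m) {
    if (!m->hunting) return;
    m->hunting = false;
    m->work_queued = true;
}
/* Timer callback with the recommended bail-out: no rearm once closed. */
void model_delayed_work(struct monc_model *m) {
    m->work_queued = false;
    if (m->cur_mon < 0) return;
    m->work_queued = true;
}

/* Pre-fix order: cancel, then close. A racer in the gap requeues. */
bool stop_unfixed(struct monc_model *m, racer_fn racer) {
    m->work_queued = false;      /* cancel_delayed_work_sync() */
    racer(m);                    /* fault/hunting event lands here */
    return m->work_queued;       /* true: work survives teardown */
}
/* Recommended order: close and clear flags, then cancel. */
bool stop_fixed(struct monc_model *m, racer_fn racer) {
    m->cur_mon = -1;             /* close session, clear state */
    m->hunting = false;
    racer(m);                    /* before cancel: bails */
    m->work_queued = false;      /* cancel_delayed_work_sync() */
    racer(m);                    /* after cancel: still bails */
    return m->work_queued;
}
int main(void) {
    struct monc_model a = {0, false, true}, b = a;
    printf("unfixed leaves work queued: %d\n", stop_unfixed(&a, model_mon_fault));
    printf("fixed leaves work queued:   %d\n", stop_fixed(&b, model_mon_fault));
    return 0;
}
```

A `true` return means delayed work is still pending after stop, which is the state in which it can later run against freed monc->auth or monc->monmap.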

Exploit

Use After Free

Race Condition

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-10465
ALT-PU-2024-11524
ALT-PU-2024-12537
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-47561
AZL-47624
BDU:2024-08326
CVE-2024-42232
DLA-4008-1
DSA-5747-1
OESA-2024-2028
OESA-2024-2029
OESA-2024-2030
OESA-2024-2031
OESA-2024-2296
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3249-1
OPENSUSE-SU-2024_3408-1
OPENSUSE-SU-2024_3483-1
OPENSUSE-SU-2025_0201-1
OPENSUSE-SU-2025_0229-1
SUSE-SU-2024:3189-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3225-1
SUSE-SU-2024:3227-1
SUSE-SU-2024:3249-1
SUSE-SU-2024:3251-1
SUSE-SU-2024:3252-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3408-1
SUSE-SU-2024:3467-1
SUSE-SU-2024:3483-1
SUSE-SU-2024:3499-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0229-1
SUSE-SU-2025:02390-1
SUSE-SU-2025:02391-1
SUSE-SU-2025:02392-1
SUSE-SU-2025:02398-1
SUSE-SU-2025:02403-1
SUSE-SU-2025:02416-1
SUSE-SU-2025:02419-1
SUSE-SU-2025:02422-1
SUSE-SU-2025:02436-1
SUSE-SU-2025:02440-1
SUSE-SU-2025:02455-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
SUSE-SU-2025_0201-1
SUSE-SU-2025_0201-2
USN-7003-1
USN-7003-2
USN-7003-3
USN-7003-4
USN-7003-5
USN-7006-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7009-1
USN-7009-2
USN-7019-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu