PT-2024-7183 · Linux+4 · Linux Kernel+4

Alexander Lobakin

·

Published

2024-08-07

·

Updated

2026-04-20

·

CVE-2024-44964

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a use-after-free (UAF) vulnerability in the idpf driver of the Linux kernel. This vulnerability occurs when the q vector->vport pointers are not restored after reinitializing the structures, leading to memory leaks and crashes during a soft reset. The current logic is fragile and consumes more memory than expected, especially when the system is low on memory. Any error during the rebuild process leaves the old vport in a partially allocated state. If the interface is down when the function is called, it allocates a new queue set, but when the user decides to enable the interface later, vport open() allocates them once again, resulting in a clear memory leak.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-416

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2024-08522
CVE-2024-44964
INFSA-2025_6966
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4346-1
OPENSUSE-SU-2024_4376-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4345-1
SUSE-SU-2024:4346-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7511-1
USN-7511-2
USN-7511-3
USN-7512-1
USN-7515-1
USN-7515-2

Affected Products

Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu