PT-2024-7200 · Linux+8 · Linux Kernel+8

Alexandra Winter · Published 2024-07-30 · Updated 2026-03-14 · CVE-2024-42271

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.50

Description

The vulnerability is related to a use-after-free issue in the iucv_sock_close() function. The iucv_sever_path() function is called from both process context and bh context, and iucv->path is used as an indicator of whether someone else is taking care of severing the path. This needs to be done with atomic compare and swap to prevent a small window where iucv_sock_close() tries to work with a path that has already been severed and freed. The issue can lead to a kernel panic and potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the iucv_sever_path() function until a patch is available. Additionally, restricting access to the af_iucv module can help minimize the risk of exploitation.
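
The check-then-use window from the description and the compare-and-swap remedy, as an added user-space C11 model that is not kernel code and not part of this advisory. The names struct sock_model, racy_check, racy_finish, sever_cas and the replay functions are hypothetical, and the interleaving is replayed deterministically in one thread instead of with real concurrency.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; struct and function names are hypothetical. */
struct path { int id; };
struct sock_model {
    struct path *_Atomic path; /* non-NULL means nobody has severed it yet */
    int severed;               /* number of callers that severed the path */
};

/* Racy pattern, split in two steps so the interleaving can be replayed. */
static struct path *racy_check(struct sock_model *s) { return atomic_load(&s->path); }
static void racy_finish(struct sock_model *s, struct path *seen) {
    if (!seen)
        return;
    s->severed++;                 /* real code would sever and free 'seen' here */
    atomic_store(&s->path, NULL);
}

/* Fixed pattern: only the caller whose compare-and-swap wins owns the path. */
static int sever_cas(struct sock_model *s) {
    struct path *p = atomic_load(&s->path);
    if (!p || !atomic_compare_exchange_strong(&s->path, &p, NULL))
        return 0;
    s->severed++;
    free(p);
    return 1;
}

/* close() in process context and a bh callback both test before either clears. */
static int replay_racy(void) {
    struct sock_model s = { .severed = 0 };
    struct path *p = malloc(sizeof *p);
    atomic_init(&s.path, p);
    struct path *seen_close = racy_check(&s);
    struct path *seen_bh = racy_check(&s);
    racy_finish(&s, seen_bh);
    racy_finish(&s, seen_close);  /* stale pointer: the use-after-free window */
    free(p);                      /* the model frees once and only counts severs */
    return s.severed;
}
static int replay_cas(void) {
    struct sock_model s = { .severed = 0 };
    atomic_init(&s.path, malloc(sizeof(struct path)));
    int first = sever_cas(&s), second = sever_cas(&s);
    return (first == 1 && second == 0) ? s.severed : -1;
}
int main(void) { printf("racy=%d cas=%d\n", replay_racy(), replay_cas()); return 0; }
```
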

Exploit

Fix

DoS

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-11345
ALT-PU-2024-11524
ALT-PU-2024-11577
ALT-PU-2024-11855
ALT-PU-2024-11863
ALT-PU-2024-12232
ALT-PU-2024-12537
ALT-PU-2024-13121
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-47808
AZL-47853
BDU:2024-08539
CVE-2024-42271
DLA-4008-1
INFSA-2024_9315
MGASA-2024-0309
MGASA-2024-0310
OESA-2024-2077
OESA-2024-2078
OESA-2024-2079
OESA-2024-2080
OESA-2024-2124
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3249-1
OPENSUSE-SU-2024_3408-1
OPENSUSE-SU-2024_3483-1
RHSA-2024:10771
RHSA-2024:9315
RHSA-2024:9497
RHSA-2024:9498
RHSA-2024_9315
SUSE-SU-2024:3189-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3225-1
SUSE-SU-2024:3227-1
SUSE-SU-2024:3249-1
SUSE-SU-2024:3251-1
SUSE-SU-2024:3252-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3408-1
SUSE-SU-2024:3483-1
SUSE-SU-2024:3499-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7069-1
USN-7069-2
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7100-1
USN-7100-2
USN-7110-1
USN-7119-1
USN-7123-1
USN-7144-1
USN-7156-1
USN-7194-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu