PT-2024-9291 · Linux+9 · Linux Kernel+9
Taehee Yoo
·
Published
2024-06-13
·
Updated
2025-09-29
·
CVE-2024-39502
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.10.0-rc2+
Description:
The vulnerability is related to the ionic component of the Linux kernel. It occurs when the
netif napi del() function is called, but the .poll pointer is not reset to NULL. As a result, the ionic qcq enable() function may call napi enable() for a queue that has already been unregistered, leading to a use-after-free error. This can cause a kernel bug and potentially allow an attacker to exploit the vulnerability.Recommendations:
To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions 6.10.0-rc2 and later should be used.
At the moment, there is no information about a newer version that contains a fix for this vulnerability, other than updating to 6.10.0-rc2 or later.
Exploit
Fix
Use After Free
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu