Description

In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the descriptor can be freed between mt_find() and the dereference: CPU0 CPU1 desc = mt_find() delayed_free_desc(desc) irq_desc_get_irq(desc) The use-after-free is reported by KASAN: Call trace: irq_get_next_irq+0x58/0x84 show_stat+0x638/0x824 seq_read_iter+0x158/0x4ec proc_reg_read_iter+0x94/0x12c vfs_read+0x1e0/0x2c8 Freed by task 4471: slab_free_freelist_hook+0x174/0x1e0 __kmem_cache_free+0xa4/0x1dc kfree+0x64/0x128 irq_kobj_release+0x28/0x3c kobject_put+0xcc/0x1e0 delayed_free_desc+0x14/0x2c rcu_do_batch+0x214/0x720 Guard the access with a RCU read lock section.

INFO

Published Date :

2024-06-25T14:22:37.560Z

Last Modified :

2025-05-04T09:13:28.503Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-38385 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-38385.

URL Resource
https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8 cve-icon cve-icon
https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba cve-icon cve-icon
https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-38385-4b3a@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-38385 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-38385 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact