CVE-2024-44998

Summary

In the Linux kernel, the following vulnerability has been resolved:

atm: idt77252: prevent use after free in dequeue_rx()

We can't dereference "skb" after calling vcc->push() because the skb is released.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 628ea82190a678a56d2ec38cda3addf3b3a6248daffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 09e086a5f72ea27c758b3f3b419a69000c32adc1affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1cece837e387c039225f19028df255df87a97c0daffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 24cf390a5426aac9255205e9533cdd7b4235d518affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 379a6a326514a3e2f71b674091dfb0e0e7522b55affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ef23c18ab88e33ce000d06a5c6aad0620f219bfdaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 91b4850e7165a4b7180ef1e227733bcb41ccdf10affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a9a18e8f770c9b0703dab93580d0b02e199a4c79affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.19.321 <= 4.19.*unaffected
LinuxLinux5.4.283 <= 5.4.*unaffected
LinuxLinux5.10.225 <= 5.10.*unaffected
LinuxLinux5.15.166 <= 5.15.*unaffected
LinuxLinux6.1.107 <= 6.1.*unaffected
LinuxLinux6.6.48 <= 6.6.*unaffected
LinuxLinux6.10.7 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References