CVE-2024-49925

Summary

In the Linux kernel, the following vulnerability has been resolved:

fbdev: efifb: Register sysfs groups through driver core

The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup.

Also avoid a UAF race during unregistering where the sysctl attributes were usable after the info struct was freed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux753375a881caa01112b7cec2c796749154e0bb23 < 2d97b85eb5a86766ad0f8ea3d121e6ae144e3ed8affected
LinuxLinux753375a881caa01112b7cec2c796749154e0bb23 < 2a9c40c72097b583b23aeb2a26d429ccfc81fbc1affected
LinuxLinux753375a881caa01112b7cec2c796749154e0bb23 < 36bfefb6baaa8e46de44f4fd919ce4347337620faffected
LinuxLinux753375a881caa01112b7cec2c796749154e0bb23 < 872cd2d029d2c970a8a1eea88b48dab2b3f2e93aaffected
LinuxLinux753375a881caa01112b7cec2c796749154e0bb23 < 4684d69b9670a83992189f6271dc0fcdec4ed0d7affected
LinuxLinux753375a881caa01112b7cec2c796749154e0bb23 < 95cdd538e0e5677efbdf8aade04ec098ab98f457affected
LinuxLinux4.10affected
LinuxLinux0 < 4.10unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.55 <= 6.6.*unaffected
LinuxLinux6.10.14 <= 6.10.*unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References