CVE-2024-49945

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/ncsi: Disable the ncsi work before freeing the associated structure

The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2d283bdd079c0ad4da020bbc9e9c2a4280823098 < f6ca58696749268181f43150b3553f2bafd71e42affected
LinuxLinux2d283bdd079c0ad4da020bbc9e9c2a4280823098 < dd41dab62f32d9e9e0669af8459d12a93834b238affected
LinuxLinux2d283bdd079c0ad4da020bbc9e9c2a4280823098 < a0ffa68c70b367358b2672cdab6fa5bc4c40de2caffected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux6.10.14 <= 6.10.*unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References