Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-49924

Disclosure Date: October 21, 2024 •

CVE-2024-49924 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

fbdev: pxafb: Fix possible use after free in pxafb_task()

In the pxafb_probe function, it calls the pxafb_init_fbinfo function,
after which &fbi->task is associated with pxafb_task. Moreover,
within this pxafb_init_fbinfo function, the pxafb_blank function
within the &pxafb_ops struct is capable of scheduling work.

If we remove the module which will call pxafb_remove to make cleanup,
it will call unregister_framebuffer function which can call
do_unregister_framebuffer to free fbi->fb through
put_fb_info(fb_info), while the work mentioned above will be used.
The sequence of operations that may lead to a UAF bug is as follows:

CPU0 CPU1

                               | pxafb_task

                               | __pxafb_lcd_power(fbi, 0)
                               | fbi->lcd_power(on, &fbi->fb.var)
                               | //use fbi->fb

Fix it by ensuring that the work is canceled before proceeding
with the cleanup in pxafb_remove.

Note that only root user can remove the driver at runtime.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2024-49924 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49924)

Miscellaneous

https://git.kernel.org/stable/c/e6897e299f57b103e999e62010b88e363b3eebae

https://git.kernel.org/stable/c/4cda484e584be34d55ee17436ebf7ad11922b97a

https://git.kernel.org/stable/c/3c0d416eb4bef705f699213cee94bf54b6acdacd

https://git.kernel.org/stable/c/fdda354f60a576d52dcf90351254714681df4370

https://git.kernel.org/stable/c/aaadc0cb05c999ccd8898a03298b7e5c31509b08

https://git.kernel.org/stable/c/a3a855764dbacbdb1cc51e15dc588f2d21c93e0e

https://git.kernel.org/stable/c/4a6921095eb04a900e0000da83d9475eb958e61e

https://git.kernel.org/stable/c/e657fa2df4429f3805a9b3e47fb1a4a1b02a72bd

https://git.kernel.org/stable/c/6d0a07f68b66269e167def6c0b90a219cd3e7473

Rapid7

Unknown

CVE-2024-49924

Unknown

Unknown

None

Low

Local

CVE-2024-49924

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-49924

Unknown

Unknown

None

Low

Local

CVE-2024-49924

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification