CVE-2024-43888

NVD Published Date: August 26, 2024 at 11:15 AM
NVD Last Modified: August 27, 2024 at 02:37 PM
Vulnerability ID: CVE-2024-43888
Severity: HIGH
Severity Score: 7.8
Summary: In the Linux kernel, the following vulnerability has been resolved:

mm: list_lru: fix UAF for memory cgroup

The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or others which could prevent returned memcg from being freed. Fix it by adding missing rcu read lock.

Found by code inspection.

[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]

Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE ID: CWE-416
