CVE-2024-42285

Published: Aug 17, 2024Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct rdma_id_private after all pending work has finished.

Affected (7)

Products: Linux: Linux Kernel

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.20 to 5.4.282
Linux Linux Kernel	From 4.8 to 4.19.320
Linux Linux Kernel	From 5.11 to 5.15.165
Linux Linux Kernel	From 5.16 to 6.1.103
Linux Linux Kernel	From 5.5 to 5.10.224
Linux Linux Kernel	From 6.2 to 6.6.44
Linux Linux Kernel	From 6.7 to 6.10.3

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (10)

https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.