Lucene search

Ubuntu.comUB:CVE-2024-36932

HistoryMay 30, 2024 - 12:00 a.m.

CVE-2024-36932

2024-05-3000:00:00

ubuntu.com

linux kernel; cve-2024-36932; thermal/debugfs; use-after-free; vulnerability

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

In the Linux kernel, the following vulnerability has been resolved:
thermal/debugfs: Prevent use-after-free from occurring after cdev removal
Since thermal_debug_cdev_remove() does not run under cdev->lock, it can
run in parallel with thermal_debug_cdev_state_update() and it may free
the struct thermal_debugfs object used by the latter after it has been
checked against NULL.
If that happens, thermal_debug_cdev_state_update() will access memory
that has been freed already causing the kernel to crash.
Address this by using cdev->lock in thermal_debug_cdev_remove() around
the cdev->debugfs value check (in case the same cdev is removed at the
same time in two different threads) and its reset to NULL.
Cc :6.8+ <[email protected]> # 6.8+

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-azure< anyUNKNOWN
ubuntu24.04noarchlinux-gcp< anyUNKNOWN
ubuntu24.04noarchlinux-gke< anyUNKNOWN
ubuntu24.04noarchlinux-ibm< anyUNKNOWN
ubuntu24.04noarchlinux-intel< anyUNKNOWN
ubuntu24.04noarchlinux-lowlatency< anyUNKNOWN
ubuntu24.04noarchlinux-nvidia< anyUNKNOWN
ubuntu24.04noarchlinux-oem-6.8< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gcp	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gke	< any	UNKNOWN
ubuntu	24.04	noarch	linux-ibm	< any	UNKNOWN
ubuntu	24.04	noarch	linux-intel	< any	UNKNOWN
ubuntu	24.04	noarch	linux-lowlatency	< any	UNKNOWN
ubuntu	24.04	noarch	linux-nvidia	< any	UNKNOWN
ubuntu	24.04	noarch	linux-oem-6.8	< any	UNKNOWN

Rows per page:

1-10 of 131

References

git.kernel.org/linus/d351eb0ab04c3e8109895fc33250cebbce9c11da (6.9-rc7)

git.kernel.org/stable/c/c1279dee33369e2525f532364bb87207d23b9481

git.kernel.org/stable/c/d351eb0ab04c3e8109895fc33250cebbce9c11da

launchpad.net/bugs/cve/CVE-2024-36932

nvd.nist.gov/vuln/detail/CVE-2024-36932

security-tracker.debian.org/tracker/CVE-2024-36932

www.cve.org/CVERecord?id=CVE-2024-36932

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for UB:CVE-2024-36932