Vulnerabilities > CVE-2024-42285 - Use After Free vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct rdma_id_private after all pending work has finished.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5
- https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a
- https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae
- https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4
- https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6
- https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574
- https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79
- https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6