CVE-2024-43888

In the Linux kernel, the following vulnerability has been resolved: mm: list_lru: fix UAF for memory cgroup The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or others which could prevent returned memcg from being freed. Fix it by adding missing rcu read lock. Found by code inspection. [songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab	Patch
https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::

History

16 Apr 2025, 19:15

Type	Values Removed	Values Added
Summary	(en) In the Linux kernel, the following vulnerability has been resolved: mm: list_lru: fix UAF for memory cgroup The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or others which could prevent returned memcg from being freed. Fix it by adding missing rcu read lock. Found by code inspection. [songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil] Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com	(en) In the Linux kernel, the following vulnerability has been resolved: mm: list_lru: fix UAF for memory cgroup The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or others which could prevent returned memcg from being freed. Fix it by adding missing rcu read lock. Found by code inspection. [songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]

27 Aug 2024, 14:37

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: list_lru: corrige UAF para memoria cgroup Se supone que mem_cgroup_from_slab_obj() debe llamarse bajo rcu lock o cgroup_mutex u otros, lo que podría impedir que se libere el memcg devuelto. Solucionarlo agregando el bloqueo de lectura rcu que falta. Encontrado mediante inspección de código. [songmuchun@bytedance.com: solo tome el bloqueo rcu cuando sea necesario, según Vlastimil] Enlace: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com
CPE		cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab -~~	() https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab - Patch
References	~~() https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea -~~	() https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea - Patch
CWE		CWE-416

26 Aug 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-26 11:15

Updated : 2025-04-16 19:15

NVD link : CVE-2024-43888

Mitre link : CVE-2024-43888

CVE.ORG link : CVE-2024-43888

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10