CVE-2024-53103

In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/285266ef92f7b4bf7d26e1e95e215ce6a6badb4a	Patch
https://git.kernel.org/stable/c/414476c4fb11be070c09ab8f3e75c9ee324a108a	Patch
https://git.kernel.org/stable/c/4bdc5a62c6e50600d8a1c3e18fd6dce0c27c9497	Patch
https://git.kernel.org/stable/c/4fe1d42f2acc463b733bb42e3f8e67dbc2a0eb2d	Patch
https://git.kernel.org/stable/c/7cf25987820350cb950856c71b409e5b6eed52bd	Patch
https://git.kernel.org/stable/c/8621725afb38e111969c64280b71480afde2aace	Patch
https://git.kernel.org/stable/c/98d8dde9232250a57ad5ef16479bf6a349e09b80	Patch
https://git.kernel.org/stable/c/e0fe3392371293175f25028020ded5267f4cd8e3	Patch
https://git.kernel.org/stable/c/e629295bd60abf4da1db85b82819ca6a4f6c1e79	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:-::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc7::::::

History

07 Jan 2025, 16:25

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.12:-:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
CWE	~~CWE-476~~	CWE-416
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 7.8

07 Jan 2025, 16:11

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-476
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hv_sock: inicialización de vsk->trans en NULL para evitar un puntero colgante. Cuando se lanza hvs, existe la posibilidad de que vsk->trans no se inicialice en NULL, lo que podría provocar un puntero colgante. Este problema se resuelve inicializando vsk->trans en NULL.
References	~~() https://git.kernel.org/stable/c/285266ef92f7b4bf7d26e1e95e215ce6a6badb4a -~~	() https://git.kernel.org/stable/c/285266ef92f7b4bf7d26e1e95e215ce6a6badb4a - Patch
References	~~() https://git.kernel.org/stable/c/414476c4fb11be070c09ab8f3e75c9ee324a108a -~~	() https://git.kernel.org/stable/c/414476c4fb11be070c09ab8f3e75c9ee324a108a - Patch
References	~~() https://git.kernel.org/stable/c/4bdc5a62c6e50600d8a1c3e18fd6dce0c27c9497 -~~	() https://git.kernel.org/stable/c/4bdc5a62c6e50600d8a1c3e18fd6dce0c27c9497 - Patch
References	~~() https://git.kernel.org/stable/c/4fe1d42f2acc463b733bb42e3f8e67dbc2a0eb2d -~~	() https://git.kernel.org/stable/c/4fe1d42f2acc463b733bb42e3f8e67dbc2a0eb2d - Patch
References	~~() https://git.kernel.org/stable/c/7cf25987820350cb950856c71b409e5b6eed52bd -~~	() https://git.kernel.org/stable/c/7cf25987820350cb950856c71b409e5b6eed52bd - Patch
References	~~() https://git.kernel.org/stable/c/8621725afb38e111969c64280b71480afde2aace -~~	() https://git.kernel.org/stable/c/8621725afb38e111969c64280b71480afde2aace - Patch
References	~~() https://git.kernel.org/stable/c/98d8dde9232250a57ad5ef16479bf6a349e09b80 -~~	() https://git.kernel.org/stable/c/98d8dde9232250a57ad5ef16479bf6a349e09b80 - Patch
References	~~() https://git.kernel.org/stable/c/e0fe3392371293175f25028020ded5267f4cd8e3 -~~	() https://git.kernel.org/stable/c/e0fe3392371293175f25028020ded5267f4cd8e3 - Patch
References	~~() https://git.kernel.org/stable/c/e629295bd60abf4da1db85b82819ca6a4f6c1e79 -~~	() https://git.kernel.org/stable/c/e629295bd60abf4da1db85b82819ca6a4f6c1e79 - Patch

02 Dec 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-02 08:15

Updated : 2025-01-07 16:25

NVD link : CVE-2024-53103

Mitre link : CVE-2024-53103

CVE.ORG link : CVE-2024-53103

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10