CVE - CVE-2024-49924

CVE-ID
CVE-2024-49924	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after free in pxafb_task() In the pxafb_probe function, it calls the pxafb_init_fbinfo function, after which &fbi->task is associated with pxafb_task. Moreover, within this pxafb_init_fbinfo function, the pxafb_blank function within the &pxafb_ops struct is capable of scheduling work. If we remove the module which will call pxafb_remove to make cleanup, it will call unregister_framebuffer function which can call do_unregister_framebuffer to free fbi->fb through put_fb_info(fb_info), while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 \| pxafb_task pxafb_remove \| unregister_framebuffer(info) \| do_unregister_framebuffer(fb_info) \| put_fb_info(fb_info) \| // free fbi->fb \| set_ctrlr_state(fbi, state) \| __pxafb_lcd_power(fbi, 0) \| fbi->lcd_power(on, &fbi->fb.var) \| //use fbi->fb Fix it by ensuring that the work is canceled before proceeding with the cleanup in pxafb_remove. Note that only root user can remove the driver at runtime.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/3c0d416eb4bef705f699213cee94bf54b6acdacd URL:https://git.kernel.org/stable/c/3c0d416eb4bef705f699213cee94bf54b6acdacd MISC:https://git.kernel.org/stable/c/4a6921095eb04a900e0000da83d9475eb958e61e URL:https://git.kernel.org/stable/c/4a6921095eb04a900e0000da83d9475eb958e61e MISC:https://git.kernel.org/stable/c/4cda484e584be34d55ee17436ebf7ad11922b97a URL:https://git.kernel.org/stable/c/4cda484e584be34d55ee17436ebf7ad11922b97a MISC:https://git.kernel.org/stable/c/a3a855764dbacbdb1cc51e15dc588f2d21c93e0e URL:https://git.kernel.org/stable/c/a3a855764dbacbdb1cc51e15dc588f2d21c93e0e MISC:https://git.kernel.org/stable/c/aaadc0cb05c999ccd8898a03298b7e5c31509b08 URL:https://git.kernel.org/stable/c/aaadc0cb05c999ccd8898a03298b7e5c31509b08 MISC:https://git.kernel.org/stable/c/e6897e299f57b103e999e62010b88e363b3eebae URL:https://git.kernel.org/stable/c/e6897e299f57b103e999e62010b88e363b3eebae MISC:https://git.kernel.org/stable/c/fdda354f60a576d52dcf90351254714681df4370 URL:https://git.kernel.org/stable/c/fdda354f60a576d52dcf90351254714681df4370
Assigning CNA
kernel.org
Date Record Created
20241021	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241021)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)