CVE-2024-27395
Last modified
CVE-2024-27395 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe.. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | >= 4.18, < 4.19.313 | — |
| Linux | Linux Kernel | >= 4.20, < 5.4.275 | — |
| Linux | Linux Kernel | >= 5.5, < 5.10.216 | — |
| Linux | Linux Kernel | >= 5.11, < 5.15.158 | — |
| Linux | Linux Kernel | >= 5.16, < 6.1.90 | — |
| Linux | Linux Kernel | >= 6.2, < 6.6.30 | — |
| Linux | Linux Kernel | >= 6.7, < 6.8.9 | — |
| Linux | Linux Kernel | 6.9 | Rc1 |
| Debian | Debian Linux | 10.0 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-27395?
How severe is CVE-2024-27395?
How do I fix CVE-2024-27395?
Are you affected by CVE-2024-27395?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST