In the Linux kernel, the following vulnerability has been resolved:
media: edia: dvbdev: fix a use-after-free
In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain:
budget_register
  |-> dvb_dmxdev_init
        |-> dvb_register_device
  |-> dvb_dmxdev_release
        |-> dvb_unregister_device
              |-> dvb_remove_device
                    |-> dvb_device_put
                          |-> kref_put
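When dvb_unregister_device is called, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that was already freed in dvb_register_device. That pointer is then passed on to kref_put, triggering a use-after-free. The stale value persists because the failing dvb_register_device call frees dvbdev without clearing the caller-visible *pdvbdev, so the later release path is handed a non-NULL pointer that no longer refers to a valid object.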
{ "vanir_signatures": [ { "id": "CVE-2024-27043-0153f4bf", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "192474047894115599938863886806262063550", "184961450769577387413901798594590166701", "337993183312572171991864608924519155385", "9605034919896645328320877533049427864", "204765935791125355516214216352464642191", "104730121864565714246935560415774022211", "273958590875585269533747457178629630384", "9605034919896645328320877533049427864", "223880847603767427847894919188716430062", "129698841920499569739991736890353192163", "255907766482442716252730904332826012585", "19372403435905701561792058555671025742", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "167435498410659563066807387439731670649", "310666292606154751106438509433384416163", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "184090237546382287399842704913786877763", "318929298329687596535344306016050583173" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8c64f4cdf4e6cc5682c52523713af8c39c94e6d5", "target": { "file": "drivers/media/dvb-core/dvbdev.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-27043-065044c2", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "192474047894115599938863886806262063550", "184961450769577387413901798594590166701", "337993183312572171991864608924519155385", "9605034919896645328320877533049427864", "204765935791125355516214216352464642191", "104730121864565714246935560415774022211", "273958590875585269533747457178629630384", "9605034919896645328320877533049427864", "223880847603767427847894919188716430062", "129698841920499569739991736890353192163", "255907766482442716252730904332826012585", "19372403435905701561792058555671025742", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "167435498410659563066807387439731670649", "310666292606154751106438509433384416163", 
"867560769044585607137746071940198361", "113569843754374759945466330456621614838", "184090237546382287399842704913786877763", "318929298329687596535344306016050583173" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7586e902128e4fb7bfbb661cb52e4215a65637b", "target": { "file": "drivers/media/dvb-core/dvbdev.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-27043-1e3521c9", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "135989625514575011648242642790477231368", "184961450769577387413901798594590166701", "337993183312572171991864608924519155385", "9605034919896645328320877533049427864", "179728447403800816004227386920648126631", "104730121864565714246935560415774022211", "273958590875585269533747457178629630384", "9605034919896645328320877533049427864", "223880847603767427847894919188716430062", "129698841920499569739991736890353192163", "255907766482442716252730904332826012585", "19372403435905701561792058555671025742", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "167435498410659563066807387439731670649", "310666292606154751106438509433384416163", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "184090237546382287399842704913786877763", "318929298329687596535344306016050583173" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@437a111f79a2f5b2a5f21e27fdec6f40c8768712", "target": { "file": "drivers/media/dvb-core/dvbdev.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-27043-309b3193", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "135989625514575011648242642790477231368", "184961450769577387413901798594590166701", "337993183312572171991864608924519155385", "9605034919896645328320877533049427864", "179728447403800816004227386920648126631", "104730121864565714246935560415774022211", "273958590875585269533747457178629630384", 
"9605034919896645328320877533049427864", "223880847603767427847894919188716430062", "129698841920499569739991736890353192163", "255907766482442716252730904332826012585", "19372403435905701561792058555671025742", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "167435498410659563066807387439731670649", "310666292606154751106438509433384416163", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "184090237546382287399842704913786877763", "318929298329687596535344306016050583173" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f20c3270f3ed5aa6919a87e4de9bf6c05fb57086", "target": { "file": "drivers/media/dvb-core/dvbdev.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-27043-339047e3", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "192474047894115599938863886806262063550", "184961450769577387413901798594590166701", "337993183312572171991864608924519155385", "9605034919896645328320877533049427864", "204765935791125355516214216352464642191", "104730121864565714246935560415774022211", "273958590875585269533747457178629630384", "9605034919896645328320877533049427864", "223880847603767427847894919188716430062", "129698841920499569739991736890353192163", "255907766482442716252730904332826012585", "19372403435905701561792058555671025742", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "167435498410659563066807387439731670649", "310666292606154751106438509433384416163", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "184090237546382287399842704913786877763", "318929298329687596535344306016050583173" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@779e8db7efb22316c8581d6c229636d2f5694a62", "target": { "file": "drivers/media/dvb-core/dvbdev.c" }, "deprecated": false, "signature_version": "v1" }, { "id": 
"CVE-2024-27043-5886118c", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "135989625514575011648242642790477231368", "184961450769577387413901798594590166701", "337993183312572171991864608924519155385", "9605034919896645328320877533049427864", "179728447403800816004227386920648126631", "104730121864565714246935560415774022211", "273958590875585269533747457178629630384", "9605034919896645328320877533049427864", "223880847603767427847894919188716430062", "129698841920499569739991736890353192163", "255907766482442716252730904332826012585", "19372403435905701561792058555671025742", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "167435498410659563066807387439731670649", "310666292606154751106438509433384416163", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "184090237546382287399842704913786877763", "318929298329687596535344306016050583173" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@096237039d00c839f3e3a5fe6d001bf0db45b644", "target": { "file": "drivers/media/dvb-core/dvbdev.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-27043-adc71c17", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "192474047894115599938863886806262063550", "184961450769577387413901798594590166701", "337993183312572171991864608924519155385", "9605034919896645328320877533049427864", "204765935791125355516214216352464642191", "104730121864565714246935560415774022211", "273958590875585269533747457178629630384", "9605034919896645328320877533049427864", "223880847603767427847894919188716430062", "129698841920499569739991736890353192163", "255907766482442716252730904332826012585", "19372403435905701561792058555671025742", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "167435498410659563066807387439731670649", "310666292606154751106438509433384416163", 
"867560769044585607137746071940198361", "113569843754374759945466330456621614838", "184090237546382287399842704913786877763", "318929298329687596535344306016050583173" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@35674111a043b0482a9bc69da8850a83f465b07d", "target": { "file": "drivers/media/dvb-core/dvbdev.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-27043-c2726879", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "135989625514575011648242642790477231368", "184961450769577387413901798594590166701", "337993183312572171991864608924519155385", "9605034919896645328320877533049427864", "179728447403800816004227386920648126631", "104730121864565714246935560415774022211", "273958590875585269533747457178629630384", "9605034919896645328320877533049427864", "223880847603767427847894919188716430062", "129698841920499569739991736890353192163", "255907766482442716252730904332826012585", "19372403435905701561792058555671025742", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "167435498410659563066807387439731670649", "310666292606154751106438509433384416163", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "184090237546382287399842704913786877763", "318929298329687596535344306016050583173" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0d3fe80b6d175c220b3e252efc6c6777e700e98e", "target": { "file": "drivers/media/dvb-core/dvbdev.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-27043-eae2d8bc", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "135989625514575011648242642790477231368", "184961450769577387413901798594590166701", "337993183312572171991864608924519155385", "9605034919896645328320877533049427864", "179728447403800816004227386920648126631", "104730121864565714246935560415774022211", "273958590875585269533747457178629630384", 
"9605034919896645328320877533049427864", "223880847603767427847894919188716430062", "129698841920499569739991736890353192163", "255907766482442716252730904332826012585", "19372403435905701561792058555671025742", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "167435498410659563066807387439731670649", "310666292606154751106438509433384416163", "867560769044585607137746071940198361", "113569843754374759945466330456621614838", "184090237546382287399842704913786877763", "318929298329687596535344306016050583173" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d0f5c28333822f9baa5280d813124920720fd856", "target": { "file": "drivers/media/dvb-core/dvbdev.c" }, "deprecated": false, "signature_version": "v1" } ] }