Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-49945

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-21 Oct, 2024 | 18:02
Updated At-04 May, 2025 | 09:42
Rejected At-
Credits

net/ncsi: Disable the ncsi work before freeing the associated structure

In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:21 Oct, 2024 | 18:02
Updated At:04 May, 2025 | 09:42
Rejected At:
▼CVE Numbering Authority (CNA)
net/ncsi: Disable the ncsi work before freeing the associated structure

In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ncsi/ncsi-manage.c
Default Status
unaffected
Versions
Affected
  • From 2d283bdd079c0ad4da020bbc9e9c2a4280823098 before f6ca58696749268181f43150b3553f2bafd71e42 (git)
  • From 2d283bdd079c0ad4da020bbc9e9c2a4280823098 before dd41dab62f32d9e9e0669af8459d12a93834b238 (git)
  • From 2d283bdd079c0ad4da020bbc9e9c2a4280823098 before a0ffa68c70b367358b2672cdab6fa5bc4c40de2c (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ncsi/ncsi-manage.c
Default Status
affected
Versions
Affected
  • 4.8
Unaffected
  • From 0 before 4.8 (semver)
  • From 6.10.14 through 6.10.* (semver)
  • From 6.11.3 through 6.11.* (semver)
  • From 6.12 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/f6ca58696749268181f43150b3553f2bafd71e42
N/A
https://git.kernel.org/stable/c/dd41dab62f32d9e9e0669af8459d12a93834b238
N/A
https://git.kernel.org/stable/c/a0ffa68c70b367358b2672cdab6fa5bc4c40de2c
N/A
Hyperlink: https://git.kernel.org/stable/c/f6ca58696749268181f43150b3553f2bafd71e42
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/dd41dab62f32d9e9e0669af8459d12a93834b238
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/a0ffa68c70b367358b2672cdab6fa5bc4c40de2c
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:21 Oct, 2024 | 18:15
Updated At:01 Nov, 2024 | 14:52

In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 4.8(inclusive) to 6.10.14(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.11(inclusive) to 6.11.3(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.12
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/a0ffa68c70b367358b2672cdab6fa5bc4c40de2c416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/dd41dab62f32d9e9e0669af8459d12a93834b238416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/f6ca58696749268181f43150b3553f2bafd71e42416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Hyperlink: https://git.kernel.org/stable/c/a0ffa68c70b367358b2672cdab6fa5bc4c40de2c
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/dd41dab62f32d9e9e0669af8459d12a93834b238
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/f6ca58696749268181f43150b3553f2bafd71e42
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

4104Records found
Details not found