CVE-2024-43853

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 17, 2024
Updated: Aug 19, 2024
CWE ID 416

Summary

CVE-2024-43853 is a use-after-free (UAF) vulnerability affecting the Linux kernel's cpuset subsystem. The issue arises when the root node's cgroup is rebinding to the default root during umount operations, resulting in a UAF when the previously allocated cgroup_root is freed. This can occur when the root node's cgroup is still cached, and the fix involves using rcu_read_lock in proc_cpuset_show() to ensure that css->cgroup won't be freed during the critical section. This issue was discovered by syzkaller and can be reproduced through specific methods involving cat, mount, and umount commands.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share