CVE-2024-43900
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-43900 is a use-after-free vulnerability in the load_firmware_cb() function of the Linux kernel. Affected products include various models with identifiers such as Qtrc2o, ohMfk4, and many others listed in the report. The issue arises when a struct tuner is freed during module initialization but a worker thread later attempts to access it, resulting in undefined behavior. The recommended remediation is to check whether the dvb_frontend pointer is null in load_firmware_cb() and return a warning if it is. The vulnerability is rated high severity with a score of 7.8, indicating significant risks to confidentiality and integrity if exploited locally without user interaction.