CVE-2024-53068
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-53068 is a Linux kernel vulnerability affecting the arm_scmi driver. The issue occurs because scmi_dev->name is released prematurely in __scmi_device_destroy(), leading to a slab-use-after-free. The problem was identified during a Kernel Address Sanitizer (KASAN) scan, which detected a slab memory leak at ffffff80a482bcc0. Exploitation of this vulnerability could potentially result in arbitrary code execution with the privileges of the affected system. The vulnerability has been fixed by moving the release of scmi_dev->name to scmi_device_release(), so that the name is no longer freed before the device itself is released.
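The ordering problem described in the summary, as a userspace C model added here for illustration; it is not the kernel's arm_scmi code, and model_dev, model_put, model_destroy and holder_sees_freed_name are hypothetical names. It contrasts freeing the name in the destroy path with freeing it only when the last reference is dropped.

```c
#include <stdlib.h>
#include <string.h>
/* Userspace model, constructed for illustration; not kernel code. */
struct model_dev {
    int refs;     /* stands in for the device reference count */
    char *name;   /* stands in for scmi_dev->name */
};

static struct model_dev *model_create(const char *name)
{
    struct model_dev *d = malloc(sizeof(*d));
    if (!d) return NULL;
    d->name = malloc(strlen(name) + 1);
    if (!d->name) { free(d); return NULL; }
    strcpy(d->name, name);
    d->refs = 1;
    return d;
}

/* Drop a reference; the release step runs only when the last one goes. */
static void model_put(struct model_dev *d)
{
    if (--d->refs > 0)
        return;
    free(d->name);        /* post-fix placement; free(NULL) is a no-op */
    free(d);
}

/* Destroy path. early_free=1 models the pre-fix ordering. */
static void model_destroy(struct model_dev *d, int early_free)
{
    if (early_free) {
        free(d->name);    /* freed while another holder may still read it */
        d->name = NULL;   /* model only: makes the stale access detectable */
    }
    model_put(d);
}

/* Returns 1 if a remaining reference holder would read a freed name. */
int holder_sees_freed_name(int early_free)
{
    struct model_dev *d = model_create("constructed-dev");
    if (!d) return -1;
    d->refs++;                       /* a second holder takes a reference */
    model_destroy(d, early_free);
    int stale = (d->name == NULL);   /* d itself is still valid here */
    model_put(d);                    /* last reference: everything is freed */
    return stale;
}
```

In the real driver the freed pointer is not cleared, so the stale read lands in released slab memory, which is the condition KASAN reports.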
Affected Products
- Linux Kernel
Affected Vendors
- LINUX