CVE-2024-53139
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Dec 4, 2024
Updated: Dec 11, 2024
CWE ID 416
Summary
CVE-2024-53139 is a use-after-free (CWE-416) in the Linux kernel's SCTP subsystem, in the IPv6 address-availability check sctp_v6_available(). That kernel function looked up the socket's bound device with dev_get_by_index_rcu() and then passed the result to ipv6_chk_addr() without holding the RCU read lock. dev_get_by_index_rcu() returns a borrowed pointer and takes no reference: the net_device is only guaranteed to stay allocated while the caller is inside an rcu_read_lock()/rcu_read_unlock() section. Outside one, a concurrent device unregistration can free the net_device while sctp_v6_available() is still dereferencing it. The problem surfaced as a kernel lockdep "suspicious RCU usage" warning (an RCU-protected list traversed outside a reader section, reported with RCU list debugging enabled), not as an observed exploit; the fix wraps the device lookup and the address check in a single rcu_read_lock()/rcu_read_unlock() section.
The check runs on the bind() path of an IPv6 SCTP socket, so it is reachable by a local process whenever the sctp module is loaded, which matches the local, low-privilege CVSS vector behind the 7.8 score. The realistic outcome is a kernel crash (denial of service); as with any kernel use-after-free, memory corruption leading to privilege escalation cannot be ruled out, which is why the score is rated high. Remediation is a kernel update carrying the sctp_v6_available() fix; where SCTP is not needed, preventing the module from loading (a modprobe blacklist or an "install sctp /bin/false" rule) removes the attack surface in the meantime.
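The RCU rule that the bug breaks, shown as an added user-space model rather than kernel code (this is neither the vulnerable function nor the upstream fix). The model_ functions and the outcome codes are hypothetical stand-ins for dev_get_by_index_rcu(), ipv6_chk_addr(), device unregistration with synchronize_rcu(), and rcu_read_lock()/rcu_read_unlock(); the device state (ifindex 3, address configured) is constructed. The model implements the one property that matters here: reclamation of a looked-up object is deferred while a reader section is active, so the same lookup-then-dereference sequence is safe only when it sits inside that section.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for struct net_device. Instead of free() the model
 * marks the object reclaimed so a stale dereference can be detected. */
struct model_net_device {
    int ifindex;
    bool has_addr;   /* the IPv6 address bind() asks for is configured here */
    bool freed;
};

static struct model_net_device g_dev;           /* the one device in the model */
static struct model_net_device *g_dev_list;     /* published pointer that lookups return */
static int g_readers;                           /* rcu_read_lock() nesting depth */
static struct model_net_device *g_pending_free; /* reclamation deferred by readers */

/* Constructed starting state: device 3 exists and carries the address. */
static void model_reset(void)
{
    g_dev.ifindex = 3;
    g_dev.has_addr = true;
    g_dev.freed = false;
    g_dev_list = &g_dev;
    g_readers = 0;
    g_pending_free = NULL;
}

static void model_rcu_read_lock(void) { g_readers++; }

/* When the last reader leaves, the grace period ends and a deferred free runs. */
static void model_rcu_read_unlock(void)
{
    if (--g_readers == 0 && g_pending_free) {
        g_pending_free->freed = true;
        g_pending_free = NULL;
    }
}

/* Analogue of dev_get_by_index_rcu(): a borrowed pointer, no reference taken,
 * valid only inside a read-side critical section. */
static struct model_net_device *model_dev_get_by_index_rcu(int ifindex)
{
    if (g_dev_list && g_dev_list->ifindex == ifindex)
        return g_dev_list;
    return NULL;
}

/* Analogue of unregistering a device: unpublish it, then free it after a
 * grace period. With no reader active the grace period is already over. */
static void model_unregister_netdevice(struct model_net_device *dev)
{
    g_dev_list = NULL;
    if (g_readers == 0)
        dev->freed = true;
    else
        g_pending_free = dev;
}

/* Outcome codes. STALE_USE means a reclaimed device was dereferenced: the UAF. */
enum { NOT_AVAILABLE = 0, AVAILABLE = 1, STALE_USE = -1 };

/* Analogue of ipv6_chk_addr(): dereferences dev. */
static int model_ipv6_chk_addr(struct model_net_device *dev)
{
    if (dev->freed)
        return STALE_USE;
    return dev->has_addr ? AVAILABLE : NOT_AVAILABLE;
}

/* Pre-fix shape of the check. The unregister is injected between lookup and
 * dereference, which is exactly the window the real race needs. */
static int available_unprotected(int bound_dev_if)
{
    struct model_net_device *dev;

    model_reset();
    dev = model_dev_get_by_index_rcu(bound_dev_if);   /* no rcu_read_lock() */
    if (!dev)
        return NOT_AVAILABLE;
    model_unregister_netdevice(dev);                   /* another CPU removes it */
    return model_ipv6_chk_addr(dev);                   /* dev already reclaimed */
}

/* Post-fix shape: lookup and check inside one read-side section, so the
 * free is deferred until the section ends. */
static int available_protected(int bound_dev_if)
{
    struct model_net_device *dev;
    int ret;

    model_reset();
    model_rcu_read_lock();
    dev = model_dev_get_by_index_rcu(bound_dev_if);
    if (!dev) {
        model_rcu_read_unlock();
        return NOT_AVAILABLE;
    }
    model_unregister_netdevice(dev);                   /* free is deferred */
    ret = model_ipv6_chk_addr(dev);                    /* dev still valid */
    model_rcu_read_unlock();                           /* reclaimed here */
    return ret;
}

int main(void)
{
    int r;

    printf("unprotected path: %d (-1 = used a freed device)\n", available_unprotected(3));
    r = available_protected(3);
    printf("protected path:   %d, device reclaimed after unlock: %d\n", r, g_dev.freed);
    return 0;
}
```

The unprotected path returns STALE_USE because the grace period completes immediately when no reader is registered; the protected path returns AVAILABLE and the device is reclaimed only after model_rcu_read_unlock(). The same reasoning applies to the real function: the fix does not add a reference count, it only keeps the dereference inside the window that RCU already guarantees.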
Affected Products
- Linux Kernel
Affected Vendors
- LINUX