CVE-2024-56554
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-56554 is a use-after-free vulnerability affecting the Linux kernel's binder subsystem. Specifically, it was identified in the function `binder_release_work()`, where the cleaning up of a binder reference did not adequately handle any queued "freeze" work. This issue resulted in a situation where the reference was freed while its `ref->freeze.work` was still queued in `proc->work`, leading to a use-after-free condition. The vulnerability was discovered through a KASAN report, which detailed the affected CPU and process information, as well as the call trace leading to the issue. This vulnerability has been addressed through a commit that ensures any queued freeze work is removed when cleaning up a binder reference.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX