CVE-2024-56764

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 6, 2025
Updated: Jan 7, 2025
CWE ID 416

Summary

CVE-2024-56764 is a use-after-free vulnerability in the Linux kernel. Inside ublk_abort_requests(), the gendisk reference is grabbed in order to abort all inflight requests. However, if add_disk() fails, the gendisk may already have been freed, so accessing the disk's reference in ublk_abort_requests() is a use-after-free. The issue has been addressed by detaching the gendisk from the ublk device if add_disk() fails, which mitigates the use-after-free.
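The ordering described above can be seen in a small userspace model. This is an added illustration, not kernel code and not the upstream patch: only ublk_abort_requests() and add_disk() are names from the summary, and every other name, the `fail` and `fixed` parameters and the `freed` flag are assumptions of the model.

```c
/* Userspace model: the disk is never really released; a flag records the free. */
#include <stddef.h>

struct gendisk { int refs; int freed; };
struct ublk_device { struct gendisk *ub_disk; };
enum abort_result { ABORT_NO_DISK, ABORT_OK, ABORT_STALE_DISK };

/* Drop one reference; the last put "frees" the disk. */
static void put_disk(struct gendisk *d) { if (--d->refs == 0) d->freed = 1; }

/* Stand-in for add_disk(); a nonzero `fail` simulates the error path. */
static int add_disk(struct gendisk *d, int fail) { (void)d; return fail ? -1 : 0; }

/* Start path: publish the disk on the device, then try to add it. */
static int start_dev(struct ublk_device *ub, struct gendisk *d, int fail, int fixed)
{
    int ret;
    d->refs = 1; d->freed = 0;
    ub->ub_disk = d;
    ret = add_disk(d, fail);
    if (ret) {
        if (fixed)
            ub->ub_disk = NULL;  /* the fix: detach before the final put */
        put_disk(d);             /* last reference: disk is freed */
    }
    return ret;
}

/* Abort path: reaches the disk through the device pointer. */
static enum abort_result ublk_abort_requests(struct ublk_device *ub)
{
    struct gendisk *d = ub->ub_disk;
    if (!d) return ABORT_NO_DISK;
    if (d->freed) return ABORT_STALE_DISK;  /* in the kernel: use-after-free */
    d->refs++;       /* grab the reference for the duration of the abort */
    put_disk(d);
    return ABORT_OK;
}

/* Run the start path, then the abort path; report what abort observed. */
enum abort_result scenario(int add_disk_fails, int fixed)
{
    struct gendisk disk;
    struct ublk_device ub = { NULL };
    start_dev(&ub, &disk, add_disk_fails, fixed);
    return ublk_abort_requests(&ub);
}

int main(void) { return scenario(1, 1) == ABORT_NO_DISK ? 0 : 1; }
```

With add_disk() failing, the unfixed ordering leaves the device pointing at a freed disk, while the detached variant makes the abort path see no disk at all.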
