CVE-2024-56765
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-56765 is a vulnerability in the Linux kernel's powerpc/pseries/vas subsystem. The vas_vm_ops struct is missing a close() callback, so an invalid address is used during migration. As a result, the kernel hits a use-after-free error, as evidenced by a KASAN report. The issue causes the system to read from an uninitialized memory location, resulting in potential security vulnerabilities and system instability. The vulnerability was discovered during the migration process: the virtual memory address mapping is not updated properly when a window is closed, so the paste address mapping remains accessible even after it should have been removed.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX