CVE-2024-56765

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 6, 2025
Updated: Jan 7, 2025
CWE ID 416

Summary

CVE-2024-56765 is a vulnerability affecting the Linux kernel's powerpc/pseries/vas subsystem. The issue arises from a missing close() callback in the vas_vm_ops struct, leading to an invalid address being used during migration. As a result, the kernel experiences a use-after-free error, as evidenced by a KASAN report. The issue causes the system to read from an uninitialized memory location, resulting in potential security vulnerabilities and system instability. The vulnerability was discovered during the migration process, where the virtual memory address mapping is not updated properly upon closing a window, causing the paste address mapping to remain accessible, even after it should have been removed.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share