CVE-2024-49945

medium

Description

In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic.

References

https://git.kernel.org/stable/c/f6ca58696749268181f43150b3553f2bafd71e42

https://git.kernel.org/stable/c/dd41dab62f32d9e9e0669af8459d12a93834b238

https://git.kernel.org/stable/c/a0ffa68c70b367358b2672cdab6fa5bc4c40de2c

Details

Source: Mitre, NVD

Published: 2024-10-21

Updated: 2024-11-01

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H