CVE & CISA-KEV Catalog

CVE-2024-44946

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg() for the same socket. syzkaller reported UAF in kcm_release(). [0] The scenario is 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb. 2. Thread A resumes building skb from kcm->seq_skb but is blocked by sk_stream_wait_memory() 3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb and puts the skb to the write queue 4. Thread A faces an error and finally frees skb that is already in the write queue 5. kcm_release() does double-free the skb in the write queue When a thread is building a MSG_MORE skb, another thread must not touch it. Let's add a per-sk mutex and serialise kcm_sendmsg(). [0]: BUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline] BUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline] BUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline] BUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline] BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691 Read of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167 CPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G B 6.8.0-rc5-syzkaller-g9abbc24128bc #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Call trace: dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0x178/0x518 mm/kasan/report.c:488 kasan_report+0xd8/0x138 mm/kasan/report.c:601 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381 __skb_unlink include/linux/skbuff.h:2366 [inline] __skb_dequeue include/linux/skbuff.h:2385 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline] __skb_queue_purge include/linux/skbuff.h:3181 [inline] kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691 __sock_release net/socket.c:659 [inline] sock_close+0xa4/0x1e8 net/socket.c:1421 __fput+0x30c/0x738 fs/file_table.c:376 ____fput+0x20/0x30 fs/file_table.c:404 task_work_run+0x230/0x2e0 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0x618/0x1f64 kernel/exit.c:871 do_group_exit+0x194/0x22c kernel/exit.c:1020 get_signal+0x1500/0x15ec kernel/signal.c:2893 do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline] el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Allocated by task 6166: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626 unpoison_slab_object mm/kasan/common.c:314 [inline] __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3813 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903 __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641 alloc_skb include/linux/skbuff.h:1296 [inline] kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_sendmsg+0x220/0x2c0 net/socket.c:768 splice_to_socket+0x7cc/0xd58 fs/splice.c:889 do_splice_from fs/splice.c:941 [inline] direct_splice_actor+0xec/0x1d8 fs/splice.c:1164 splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108 do_splice_direct_actor ---truncated---

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.226-1CVE-2024-44946
Fixed in:6.1.112-1CVE-2024-44946
Fixed in:6.10.7-1CVE-2024-44946
Fixed in:6.10.7-1CVE-2024-44946
linuxUbuntu
Fixed in:5.4.0-200.220USN-7088-1
Fixed in:5.15.0-125.135USN-7100-1
Fixed in:6.8.0-50.51USN-7154-1
linux-awsUbuntu
Fixed in:5.4.0-1135.145USN-7088-4
Fixed in:5.15.0-1072.78USN-7100-2
Fixed in:6.8.0-1020.22USN-7154-1
linux-aws-5.15Ubuntu
Fixed in:5.15.0-1072.78~20.04.1USN-7100-1
linux-aws-5.4Ubuntu
Fixed in:5.4.0-1135.145~18.04.1USN-7088-3
linux-aws-6.8Ubuntu
Fixed in:6.8.0-1020.22~22.04.1USN-7154-1
linux-azureUbuntu
Fixed in:5.4.0-1140.147USN-7088-2
Fixed in:5.15.0-1075.84USN-7123-1
Fixed in:6.8.0-1020.23USN-7196-1
linux-azure-5.15Ubuntu
Fixed in:5.15.0-1078.87~20.04.1USN-7194-1
linux-azure-5.4Ubuntu
Fixed in:5.4.0-1140.147~18.04.1USN-7088-4
linux-azure-6.8Ubuntu
Fixed in:6.8.0-1020.23~22.04.1USN-7196-1
linux-bluefieldUbuntu
Fixed in:5.4.0-1095.102USN-7088-2
linux-gcpUbuntu
Fixed in:5.4.0-1139.148USN-7088-1
Fixed in:5.15.0-1071.79USN-7100-1
Fixed in:6.8.0-1019.21USN-7154-1
linux-gcp-5.15Ubuntu
Fixed in:5.15.0-1071.79~20.04.1USN-7100-1
linux-gcp-5.4Ubuntu
Fixed in:5.4.0-1139.148~18.04.1USN-7088-1
linux-gcp-6.8Ubuntu
Fixed in:6.8.0-1019.21~22.04.1USN-7154-1
linux-gkeUbuntu
Fixed in:5.15.0-1069.75USN-7100-1
Fixed in:6.8.0-1015.19USN-7154-1
linux-gkeopUbuntu
Fixed in:5.4.0-1102.106USN-7088-1
Fixed in:5.15.0-1055.62USN-7100-1
Fixed in:6.8.0-1002.4USN-7156-1
linux-gkeop-5.15Ubuntu
Fixed in:5.15.0-1055.62~20.04.1USN-7100-1
linux-hwe-5.15Ubuntu
Fixed in:5.15.0-125.135~20.04.1USN-7100-1
linux-hwe-5.4Ubuntu
Fixed in:5.4.0-200.220~18.04.1USN-7088-1
linux-hwe-6.8Ubuntu
Fixed in:6.8.0-50.51~22.04.1USN-7154-2
linux-ibmUbuntu
Fixed in:5.4.0-1082.87USN-7088-1
Fixed in:5.15.0-1065.68USN-7100-1
Fixed in:6.8.0-1017.17USN-7154-1
linux-ibm-5.15Ubuntu
Fixed in:5.15.0-1065.68~20.04.1USN-7100-1
linux-ibm-5.4Ubuntu
Fixed in:5.4.0-1082.87~18.04.1USN-7088-1
linux-image-5.15.0-1038-xilinx-zynqmpUbuntu
Fixed in:5.15.0-1038.42USN-7100-1
linux-image-5.15.0-1055-gkeopUbuntu
Fixed in:5.15.0-1055.62~20.04.1USN-7100-1
Fixed in:5.15.0-1055.62USN-7100-1
linux-image-5.15.0-1065-ibmUbuntu
Fixed in:5.15.0-1065.68~20.04.1USN-7100-1
Fixed in:5.15.0-1065.68USN-7100-1
linux-image-5.15.0-1065-raspiUbuntu
Fixed in:5.15.0-1065.68USN-7100-1
linux-image-5.15.0-1067-intel-iotgUbuntu
Fixed in:5.15.0-1067.73~20.04.1USN-7144-1
Fixed in:5.15.0-1067.73USN-7144-1
linux-image-5.15.0-1067-nvidiaUbuntu
Fixed in:5.15.0-1067.68USN-7100-1
linux-image-5.15.0-1067-nvidia-lowlatencyUbuntu
Fixed in:5.15.0-1067.68USN-7100-1
linux-image-5.15.0-1069-gkeUbuntu
Fixed in:5.15.0-1069.75USN-7100-1
linux-image-5.15.0-1069-kvmUbuntu
Fixed in:5.15.0-1069.74USN-7100-1
linux-image-5.15.0-1070-oracleUbuntu
Fixed in:5.15.0-1070.76~20.04.1USN-7100-1
Fixed in:5.15.0-1070.76USN-7100-1
linux-image-5.15.0-1071-gcpUbuntu
Fixed in:5.15.0-1071.79~20.04.1USN-7100-1
Fixed in:5.15.0-1071.79USN-7100-1
linux-image-5.15.0-1072-awsUbuntu
Fixed in:5.15.0-1072.78~20.04.1USN-7100-1
Fixed in:5.15.0-1072.78USN-7100-2
linux-image-5.15.0-1075-azureUbuntu
Fixed in:5.15.0-1075.84USN-7123-1
linux-image-5.15.0-1078-azureUbuntu
Fixed in:5.15.0-1078.87~20.04.1USN-7194-1
linux-image-5.15.0-125-genericUbuntu
Fixed in:5.15.0-125.135~20.04.1USN-7100-1
Fixed in:5.15.0-125.135USN-7100-1
linux-image-5.15.0-125-generic-64kUbuntu
Fixed in:5.15.0-125.135~20.04.1USN-7100-1
Fixed in:5.15.0-125.135USN-7100-1
linux-image-5.15.0-125-generic-lpaeUbuntu
Fixed in:5.15.0-125.135~20.04.1USN-7100-1
Fixed in:5.15.0-125.135USN-7100-1
linux-image-5.15.0-125-lowlatencyUbuntu
Fixed in:5.15.0-125.135~20.04.1USN-7100-1
Fixed in:5.15.0-125.135USN-7100-1
linux-image-5.15.0-125-lowlatency-64kUbuntu
Fixed in:5.15.0-125.135~20.04.1USN-7100-1
Fixed in:5.15.0-125.135USN-7100-1
linux-image-5.4.0-1044-iotUbuntu
Fixed in:5.4.0-1044.45USN-7119-1
linux-image-5.4.0-1054-xilinx-zynqmpUbuntu
Fixed in:5.4.0-1054.58USN-7088-4
linux-image-5.4.0-1082-ibmUbuntu
Fixed in:5.4.0-1082.87~18.04.1USN-7088-1
Fixed in:5.4.0-1082.87USN-7088-1
linux-image-5.4.0-1094-bluefieldUbuntu
Fixed in:5.4.0-1094.101USN-7088-2
linux-image-5.4.0-1102-gkeopUbuntu
Fixed in:5.4.0-1102.106USN-7088-1
linux-image-5.4.0-1119-raspiUbuntu
Fixed in:5.4.0-1119.131~18.04.1USN-7088-5
Fixed in:5.4.0-1119.131USN-7088-5
linux-image-5.4.0-1123-kvmUbuntu
Fixed in:5.4.0-1123.131USN-7088-4
linux-image-5.4.0-1134-oracleUbuntu
Fixed in:5.4.0-1134.143~18.04.1USN-7088-3
Fixed in:5.4.0-1134.143USN-7088-4
linux-image-5.4.0-1135-awsUbuntu
Fixed in:5.4.0-1135.145~18.04.1USN-7088-3
Fixed in:5.4.0-1135.145USN-7088-4
linux-image-5.4.0-1139-azureUbuntu
Fixed in:5.4.0-1139.146USN-7088-2
linux-image-5.4.0-1139-gcpUbuntu
Fixed in:5.4.0-1139.148~18.04.1USN-7088-1
Fixed in:5.4.0-1139.148USN-7088-1
linux-image-5.4.0-1140-azureUbuntu
Fixed in:5.4.0-1140.147~18.04.1USN-7088-4
linux-image-5.4.0-200-genericUbuntu
Fixed in:5.4.0-200.220~18.04.1USN-7088-1
Fixed in:5.4.0-200.220USN-7088-1
linux-image-5.4.0-200-generic-lpaeUbuntu
Fixed in:5.4.0-200.220USN-7088-1
linux-image-5.4.0-200-lowlatencyUbuntu
Fixed in:5.4.0-200.220~18.04.1USN-7088-1
Fixed in:5.4.0-200.220USN-7088-1
linux-image-6.8.0-1002-gkeopUbuntu
Fixed in:6.8.0-1002.4USN-7156-1
linux-image-6.8.0-1015-gkeUbuntu
Fixed in:6.8.0-1015.19USN-7154-1
linux-image-6.8.0-1016-raspiUbuntu
Fixed in:6.8.0-1016.18USN-7154-1
linux-image-6.8.0-1017-ibmUbuntu
Fixed in:6.8.0-1017.17USN-7154-1
linux-image-6.8.0-1017-oracleUbuntu
Fixed in:6.8.0-1017.18~22.04.1USN-7154-1
Fixed in:6.8.0-1017.18USN-7154-1
linux-image-6.8.0-1017-oracle-64kUbuntu
Fixed in:6.8.0-1017.18~22.04.1USN-7154-1
Fixed in:6.8.0-1017.18USN-7154-1
linux-image-6.8.0-1018-oemUbuntu
Fixed in:6.8.0-1018.18USN-7154-1
linux-image-6.8.0-1019-gcpUbuntu
Fixed in:6.8.0-1019.21~22.04.1USN-7154-1
Fixed in:6.8.0-1019.21USN-7154-1
linux-image-6.8.0-1019-nvidiaUbuntu
Fixed in:6.8.0-1019.21~22.04.1USN-7155-1
Fixed in:6.8.0-1019.21USN-7155-1
linux-image-6.8.0-1019-nvidia-64kUbuntu
Fixed in:6.8.0-1019.21~22.04.1USN-7155-1
Fixed in:6.8.0-1019.21USN-7155-1
linux-image-6.8.0-1019-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1019.21.1USN-7155-1
linux-image-6.8.0-1019-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1019.21.1USN-7155-1
linux-image-6.8.0-1020-awsUbuntu
Fixed in:6.8.0-1020.22~22.04.1USN-7154-1
Fixed in:6.8.0-1020.22USN-7154-1
linux-image-6.8.0-1020-azureUbuntu
Fixed in:6.8.0-1020.23~22.04.1USN-7196-1
Fixed in:6.8.0-1020.23USN-7196-1
linux-image-6.8.0-1020-azure-fdeUbuntu
Fixed in:6.8.0-1020.23~22.04.1USN-7196-1
Fixed in:6.8.0-1020.23USN-7196-1
linux-image-6.8.0-50-genericUbuntu
Fixed in:6.8.0-50.51~22.04.1USN-7154-2
Fixed in:6.8.0-50.51USN-7154-1
linux-image-6.8.0-50-generic-64kUbuntu
Fixed in:6.8.0-50.51~22.04.1USN-7154-2
Fixed in:6.8.0-50.51USN-7154-1
linux-image-6.8.0-50-lowlatencyUbuntu
Fixed in:6.8.0-50.51.1~22.04.1USN-7154-1
Fixed in:6.8.0-50.51.1USN-7154-1
linux-image-6.8.0-50-lowlatency-64kUbuntu
Fixed in:6.8.0-50.51.1~22.04.1USN-7154-1
Fixed in:6.8.0-50.51.1USN-7154-1
linux-image-awsUbuntu
Fixed in:5.4.0.1135.145~18.04.1USN-7088-3
Fixed in:5.15.0.1072.78~20.04.1USN-7100-1
Fixed in:6.8.0-1020.22~22.04.1USN-7154-1
Fixed in:6.8.0-1020.22USN-7154-1
linux-image-aws-lts-20.04Ubuntu
Fixed in:5.4.0.1135.132USN-7088-4
linux-image-aws-lts-22.04Ubuntu
Fixed in:5.15.0.1072.72USN-7100-2
linux-image-azureUbuntu
Fixed in:5.4.0.1140.147~18.04.1USN-7088-4
Fixed in:5.15.0.1078.87~20.04.1USN-7194-1
Fixed in:6.8.0-1020.23~22.04.1USN-7196-1
Fixed in:6.8.0-1020.23USN-7196-1
linux-image-azure-cvmUbuntu
Fixed in:5.15.0.1078.87~20.04.1USN-7194-1
linux-image-azure-fdeUbuntu
Fixed in:6.8.0-1020.23~22.04.1USN-7196-1
Fixed in:6.8.0-1020.23USN-7196-1
linux-image-azure-lts-20.04Ubuntu
Fixed in:5.4.0.1139.133USN-7088-2
linux-image-azure-lts-22.04Ubuntu
Fixed in:5.15.0.1075.73USN-7123-1
linux-image-bluefieldUbuntu
Fixed in:5.4.0.1094.90USN-7088-2
linux-image-gcpUbuntu
Fixed in:5.4.0.1139.148~18.04.1USN-7088-1
Fixed in:5.15.0.1071.79~20.04.1USN-7100-1
Fixed in:6.8.0-1019.21~22.04.1USN-7154-1
Fixed in:6.8.0-1019.21USN-7154-1
linux-image-gcp-lts-20.04Ubuntu
Fixed in:5.4.0.1139.141USN-7088-1
linux-image-gcp-lts-22.04Ubuntu
Fixed in:5.15.0.1071.67USN-7100-1
linux-image-genericUbuntu
Fixed in:5.4.0.200.196USN-7088-1
Fixed in:5.15.0.125.124USN-7100-1
Fixed in:6.8.0-50.51USN-7154-1
linux-image-generic-64kUbuntu
Fixed in:5.15.0.125.124USN-7100-1
Fixed in:6.8.0-50.51USN-7154-1
linux-image-generic-64k-hwe-20.04Ubuntu
Fixed in:5.15.0.125.135~20.04.1USN-7100-1
linux-image-generic-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-50.51~22.04.1USN-7154-2
linux-image-generic-64k-hwe-24.04Ubuntu
Fixed in:6.8.0-50.51USN-7154-1
linux-image-generic-hwe-18.04Ubuntu
Fixed in:5.4.0.200.220~18.04.1USN-7088-1
linux-image-generic-hwe-20.04Ubuntu
Fixed in:5.15.0.125.135~20.04.1USN-7100-1
linux-image-generic-hwe-22.04Ubuntu
Fixed in:6.8.0-50.51~22.04.1USN-7154-2
linux-image-generic-hwe-24.04Ubuntu
Fixed in:6.8.0-50.51USN-7154-1
linux-image-generic-lpaeUbuntu
Fixed in:5.4.0.200.196USN-7088-1
Fixed in:5.15.0.125.124USN-7100-1
Fixed in:6.8.0-50.51USN-7154-1
linux-image-generic-lpae-hwe-20.04Ubuntu
Fixed in:5.15.0.125.135~20.04.1USN-7100-1
linux-image-gkeUbuntu
Fixed in:5.15.0.1069.68USN-7100-1
Fixed in:6.8.0-1015.19USN-7154-1
linux-image-gke-5.15Ubuntu
Fixed in:5.15.0.1069.68USN-7100-1
linux-image-gkeopUbuntu
Fixed in:5.4.0.1102.100USN-7088-1
Fixed in:5.15.0.1055.54USN-7100-1
Fixed in:6.8.0-1002.4USN-7156-1
linux-image-gkeop-5.15Ubuntu
Fixed in:5.15.0.1055.62~20.04.1USN-7100-1
Fixed in:5.15.0.1055.54USN-7100-1
linux-image-gkeop-5.4Ubuntu
Fixed in:5.4.0.1102.100USN-7088-1
linux-image-gkeop-6.8Ubuntu
Fixed in:6.8.0-1002.4USN-7156-1
linux-image-ibmUbuntu
Fixed in:5.4.0.1082.87~18.04.1USN-7088-1
Fixed in:5.15.0.1065.68~20.04.1USN-7100-1
Fixed in:5.15.0.1065.61USN-7100-1
Fixed in:6.8.0-1017.17USN-7154-1
linux-image-ibm-classicUbuntu
Fixed in:6.8.0-1017.17USN-7154-1
linux-image-ibm-lts-20.04Ubuntu
Fixed in:5.4.0.1082.111USN-7088-1
linux-image-ibm-lts-24.04Ubuntu
Fixed in:6.8.0-1017.17USN-7154-1
linux-image-intelUbuntu
Fixed in:5.15.0.1067.73~20.04.1USN-7144-1
linux-image-intel-iotgUbuntu
Fixed in:5.15.0.1067.73~20.04.1USN-7144-1
Fixed in:5.15.0.1067.67USN-7144-1
linux-image-kvmUbuntu
Fixed in:5.4.0.1123.119USN-7088-4
Fixed in:5.15.0.1069.65USN-7100-1
Fixed in:6.8.0-50.51USN-7154-1
linux-image-lowlatencyUbuntu
Fixed in:5.4.0.200.196USN-7088-1
Fixed in:5.15.0.125.113USN-7100-1
Fixed in:6.8.0-50.51.1USN-7154-1
linux-image-lowlatency-64kUbuntu
Fixed in:5.15.0.125.113USN-7100-1
Fixed in:6.8.0-50.51.1USN-7154-1
linux-image-lowlatency-64k-hwe-20.04Ubuntu
Fixed in:5.15.0.125.135~20.04.1USN-7100-1
linux-image-lowlatency-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-50.51.1~22.04.1USN-7154-1
linux-image-lowlatency-64k-hwe-24.04Ubuntu
Fixed in:6.8.0-50.51.1USN-7154-1
linux-image-lowlatency-hwe-18.04Ubuntu
Fixed in:5.4.0.200.220~18.04.1USN-7088-1
linux-image-lowlatency-hwe-20.04Ubuntu
Fixed in:5.15.0.125.135~20.04.1USN-7100-1
linux-image-lowlatency-hwe-22.04Ubuntu
Fixed in:6.8.0-50.51.1~22.04.1USN-7154-1
linux-image-lowlatency-hwe-24.04Ubuntu
Fixed in:6.8.0-50.51.1USN-7154-1
linux-image-nvidiaUbuntu
Fixed in:5.15.0.1067.67USN-7100-1
Fixed in:6.8.0-1019.21USN-7155-1
linux-image-nvidia-6.8Ubuntu
Fixed in:6.8.0-1019.21~22.04.1USN-7155-1
linux-image-nvidia-64kUbuntu
Fixed in:6.8.0-1019.21USN-7155-1
linux-image-nvidia-64k-6.8Ubuntu
Fixed in:6.8.0-1019.21~22.04.1USN-7155-1
linux-image-nvidia-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-1019.21~22.04.1USN-7155-1
linux-image-nvidia-hwe-22.04Ubuntu
Fixed in:6.8.0-1019.21~22.04.1USN-7155-1
linux-image-nvidia-lowlatencyUbuntu
Fixed in:5.15.0.1067.67USN-7100-1
Fixed in:6.8.0-1019.21.1USN-7155-1
linux-image-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1019.21.1USN-7155-1
linux-image-oemUbuntu
Fixed in:5.4.0.200.220~18.04.1USN-7088-1
Fixed in:5.4.0.200.196USN-7088-1
linux-image-oem-20.04Ubuntu
Fixed in:5.15.0.125.135~20.04.1USN-7100-1
linux-image-oem-20.04bUbuntu
Fixed in:5.15.0.125.135~20.04.1USN-7100-1
linux-image-oem-20.04cUbuntu
Fixed in:5.15.0.125.135~20.04.1USN-7100-1
linux-image-oem-20.04dUbuntu
Fixed in:5.15.0.125.135~20.04.1USN-7100-1
linux-image-oem-22.04Ubuntu
Fixed in:6.8.0-50.51~22.04.1USN-7154-2
linux-image-oem-22.04aUbuntu
Fixed in:6.8.0-50.51~22.04.1USN-7154-2
linux-image-oem-22.04bUbuntu
Fixed in:6.8.0-50.51~22.04.1USN-7154-2
linux-image-oem-22.04cUbuntu
Fixed in:6.8.0-50.51~22.04.1USN-7154-2
linux-image-oem-22.04dUbuntu
Fixed in:6.8.0-50.51~22.04.1USN-7154-2
linux-image-oem-24.04Ubuntu
Fixed in:6.8.0-1018.18USN-7154-1
linux-image-oem-24.04aUbuntu
Fixed in:6.8.0-1018.18USN-7154-1
linux-image-oem-osp1Ubuntu
Fixed in:5.4.0.200.220~18.04.1USN-7088-1
Fixed in:5.4.0.200.196USN-7088-1
linux-image-oracleUbuntu
Fixed in:5.4.0.1134.143~18.04.1USN-7088-3
Fixed in:5.15.0.1070.76~20.04.1USN-7100-1
Fixed in:6.8.0-1017.18~22.04.1USN-7154-1
Fixed in:6.8.0-1017.18USN-7154-1
linux-image-oracle-64kUbuntu
Fixed in:6.8.0-1017.18~22.04.1USN-7154-1
Fixed in:6.8.0-1017.18USN-7154-1
linux-image-oracle-lts-20.04Ubuntu
Fixed in:5.4.0.1134.127USN-7088-4
linux-image-oracle-lts-22.04Ubuntu
Fixed in:5.15.0.1070.66USN-7100-1
linux-image-raspiUbuntu
Fixed in:5.4.0.1119.149USN-7088-5
Fixed in:5.15.0.1065.63USN-7100-1
Fixed in:6.8.0-1016.18USN-7154-1
linux-image-raspi-hwe-18.04Ubuntu
Fixed in:5.4.0.1119.131~18.04.1USN-7088-5
linux-image-raspi-nolpaeUbuntu
Fixed in:5.15.0.1065.63USN-7100-1
linux-image-raspi2Ubuntu
Fixed in:5.4.0.1119.149USN-7088-5
linux-image-snapdragon-hwe-18.04Ubuntu
Fixed in:5.4.0.200.220~18.04.1USN-7088-1
linux-image-virtualUbuntu
Fixed in:5.4.0.200.196USN-7088-1
Fixed in:5.15.0.125.124USN-7100-1
Fixed in:6.8.0-50.51USN-7154-1
linux-image-virtual-hwe-18.04Ubuntu
Fixed in:5.4.0.200.220~18.04.1USN-7088-1
linux-image-virtual-hwe-20.04Ubuntu
Fixed in:5.15.0.125.135~20.04.1USN-7100-1
linux-image-virtual-hwe-22.04Ubuntu
Fixed in:6.8.0-50.51~22.04.1USN-7154-2
linux-image-virtual-hwe-24.04Ubuntu
Fixed in:6.8.0-50.51USN-7154-1
linux-image-xilinx-zynqmpUbuntu
Fixed in:5.4.0.1054.54USN-7088-4
Fixed in:5.15.0.1038.42USN-7100-1
linux-intel-iotgUbuntu
Fixed in:5.15.0-1067.73USN-7144-1
linux-intel-iotg-5.15Ubuntu
Fixed in:5.15.0-1067.73~20.04.1USN-7144-1
linux-iotUbuntu
Fixed in:5.4.0-1044.45USN-7119-1
linux-kvmUbuntu
Fixed in:5.4.0-1123.131USN-7088-4
Fixed in:5.15.0-1069.74USN-7100-1
linux-lowlatencyUbuntu
Fixed in:5.15.0-125.135USN-7100-1
Fixed in:6.8.0-50.51.1USN-7154-1
linux-lowlatency-hwe-5.15Ubuntu
Fixed in:5.15.0-125.135~20.04.1USN-7100-1
linux-lowlatency-hwe-6.8Ubuntu
Fixed in:6.8.0-50.51.1~22.04.1USN-7154-1
linux-nvidiaUbuntu
Fixed in:5.15.0-1067.68USN-7100-1
Fixed in:6.8.0-1019.21USN-7155-1
linux-nvidia-6.8Ubuntu
Fixed in:6.8.0-1019.21~22.04.1USN-7155-1
linux-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1019.21.1USN-7155-1
linux-oem-6.8Ubuntu
Fixed in:6.8.0-1018.18USN-7154-1
linux-oracleUbuntu
Fixed in:5.4.0-1134.143USN-7088-4
Fixed in:5.15.0-1070.76USN-7100-1
Fixed in:6.8.0-1017.18USN-7154-1
linux-oracle-5.15Ubuntu
Fixed in:5.15.0-1070.76~20.04.1USN-7100-1
linux-oracle-5.4Ubuntu
Fixed in:5.4.0-1134.143~18.04.1USN-7088-3
linux-oracle-6.8Ubuntu
Fixed in:6.8.0-1017.18~22.04.1USN-7154-1
linux-raspiUbuntu
Fixed in:5.4.0-1119.131USN-7088-5
Fixed in:5.15.0-1065.68USN-7100-1
Fixed in:6.8.0-1016.18USN-7154-1
linux-raspi-5.4Ubuntu
Fixed in:5.4.0-1119.131~18.04.1USN-7088-5
linux-xilinx-zynqmpUbuntu
Fixed in:5.4.0-1054.58USN-7088-4
Fixed in:5.15.0-1038.42USN-7100-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.82%probability of exploitation in 30 days
53rdpercentile

Moderate risk: more likely to be exploited than 53% of all known CVEs.

References

Related Vulnerabilities

Other CWE-416 (Use After Free) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2019-0708Critical9.8100%KEV + Ransom-
CVE-2021-31166Critical9.8100%KEVFix
CVE-2015-5119Critical9.899%KEV-
CVE-2010-3962High8.197%KEV-
CVE-2015-0313Critical9.896%KEVFix
CVE-2017-9798High7.595%-Fix
Embed a live status badge for CVE-2024-44946
CVE-2024-44946 severity badge

Markdown

[![CVE-2024-44946](https://tridentstack.com/cve/badge/CVE-2024-44946.svg)](https://tridentstack.com/cve/CVE-2024-44946)

HTML

<a href="https://tridentstack.com/cve/CVE-2024-44946"><img src="https://tridentstack.com/cve/badge/CVE-2024-44946.svg" alt="CVE-2024-44946"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-11-03.