CVE-2024-40989
HIGH
Linux Kernel 5.13-6.1.95, 6.2.0-6.6.35, 6.7.0-6.9.6 - Use-After-Free in KVM Redistributor Region Teardown
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Disassociate vcpus from redistributor region on teardown
When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu.
Scores
CVSS v3
7.8
EPSS
0.0030
EPSS Percentile
21.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (15)
linux/Kernel
5.13.0 - 6.1.96 linux
linux/Kernel
6.2.0 - 6.6.36 linux
linux/Kernel
6.7.0 - 6.9.7 linux
Linux/Linux
< 5.13
Linux/Linux
5.13
Linux/Linux
6.1.96 - 6.1.*
Linux/Linux
6.10
Linux/Linux
6.6.36 - 6.6.*
Linux/Linux
6.9.7 - 6.9.*
Linux/Linux
e5a35635464bc5304674b84ea42615a3fd0bd949 - 0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8
... and 5 more
Published
Jul 12, 2024
Tracked Since
Feb 18, 2026