CVE-2024-44998

HIGH

Linux Kernel Use-After-Free in ATM IDT77252 Dequeue RX

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released.

References (10)

Core 10

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Patch

https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d

Patch

https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1

Patch

https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d

Patch

https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518

Patch

https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55

Patch

https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd

Patch

https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10

Patch

https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 16.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (27)

linux/Kernel 2.6.12 - 4.19.321linux

linux/Kernel 4.20.0 - 5.4.283linux

linux/Kernel 5.11.0 - 5.15.166linux

linux/Kernel 5.16.0 - 6.1.107linux

linux/Kernel 5.5.0 - 5.10.225linux

linux/Kernel 6.2.0 - 6.6.48linux

linux/Kernel 6.7.0 - 6.10.7linux

Linux/Linux < 2.6.12

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 09e086a5f72ea27c758b3f3b419a69000c32adc1

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 1cece837e387c039225f19028df255df87a97c0d

... and 17 more

Published Sep 04, 2024

Tracked Since Feb 18, 2026