CVE-2024-53103

HIGH

Linux Kernel Use-After-Free in hv_sock (affects versions < 4.19.324, 4.20.0-6.12.1)

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.

References (11)

Core 11
Core References

Scores

CVSS v3 7.8
EPSS 0.0023
EPSS Percentile 14.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (30)
linux/Kernel 4.14.0 - 4.19.324linux
linux/Kernel 4.20.0 - 5.4.286linux
linux/Kernel 5.11.0 - 5.15.172linux
linux/Kernel 5.16.0 - 6.1.117linux
linux/Kernel 5.5.0 - 5.10.230linux
linux/Kernel 6.12.0 - 6.12.1linux
linux/Kernel 6.2.0 - 6.6.61linux
linux/Kernel 6.7.0 - 6.11.8linux
Linux/Linux < 4.14
Linux/Linux 4.14
... and 20 more
Published Dec 02, 2024
Tracked Since Feb 18, 2026