CVE-2024-27394

HIGH Year: 2024
CVSS v3 Score
7.4
High
Weakness Type
CWE-416
View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe.

Related Vulnerabilities

CVE-2019-13768

HIGH
CVSS:7.4(High)

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)

CWE-4162019

CVE-2022-48666

HIGH
CVSS:7.4(High)

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free There are two .exit_cmd_priv implementations. Both implementations use resources associated with th...

CWE-4162022

CVE-2023-40107

HIGH
CVSS:7.4(High)

In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User int...

CWE-4162023

CVE-2024-1067

HIGH
CVSS:7.4(High)

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make impr...

CWE-4162024

CVE-2024-23716

HIGH
CVSS:7.4(High)

In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution priv...

CWE-4162024