How severe is CVE-2024-38385?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-38385?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2024-38385

MEDIUM Year: 2024

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-416

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the descriptor can be freed between mt_find() and the dereference: CPU0 CPU1 desc = mt_find() delayed_free_desc(desc) irq_desc_get_irq(desc) The use-after-free is reported by KASAN: Call trace: irq_get_next_irq+0x58/0x84 show_stat+0x638/0x824 seq_read_iter+0x158/0x4ec proc_reg_read_iter+0x94/0x12c vfs_read+0x1e0/0x2c8 Freed by task 4471: slab_free_freelist_hook+0x174/0x1e0 __kmem_cache_free+0xa4/0x1dc kfree+0x64/0x128 irq_kobj_release+0x28/0x3c kobject_put+0xcc/0x1e0 delayed_free_desc+0x14/0x2c rcu_do_batch+0x214/0x720 Guard the access with a RCU read lock section.

CVE-2014-0203

MEDIUM

CVSS:5.5(Medium)

The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause ...

CWE-4162014

CVE-2014-3471

MEDIUM

CVSS:5.5(Medium)

Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio...

CWE-4162014

CVE-2015-1606

MEDIUM

CVSS:5.5(Medium)

The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.

CWE-4162015

CVE-2015-5221

MEDIUM

CVSS:5.5(Medium)

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via...

CWE-4162015

CVE-2016-10217

MEDIUM

CVSS:5.5(Medium)

The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that...

CWE-4162016

CVE-2016-1836

MEDIUM

CVSS:5.5(Medium)

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows ...

CWE-4162016

CVE-2024-38385

Vulnerability Description

Related Vulnerabilities

CVE-2014-0203

CVE-2014-3471

CVE-2015-1606

CVE-2015-5221

CVE-2016-10217

CVE-2016-1836