How severe is CVE-2024-39292?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-39292?

This is classified as CWE-415, which is a common weakness in software security.

CVE-2024-39292 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winch_handlers before registering winch IRQ Registering a winch IRQ is racy, an interrupt may occur before the winch is added to the winch_handlers list. If that happens, register_winch_irq() adds to that list a winch that is scheduled to be (or has already been) freed, causing a panic later in winch_cleanup(). Avoid the race by adding the winch to the winch_handlers list before registering the IRQ, and rolling back if um_request_irq() fails.

Related Vulnerabilities

CVE-2014-9807

MEDIUM

CVSS:5.5(Medium)

The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.

CWE-4152014

CVE-2015-5203

MEDIUM

CVSS:5.5(Medium)

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

CWE-4152015

CVE-2015-8894

MEDIUM

CVSS:5.5(Medium)

Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.

CWE-4152015

CVE-2017-15330

MEDIUM

CVSS:5.5(Medium)

The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malici...

CWE-4152017

CVE-2017-15364

MEDIUM

CVSS:5.5(Medium)

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. ...

CWE-4152017

CVE-2017-6353

MEDIUM

CVSS:5.5(Medium)

net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (inval...

CWE-4152017