CVE-2024-27049

wifi: mt76: mt7925e: fix use-after-free in free_irq()

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For this case, let's apply MT76_REMOVED flag to indicate the device was removed and do not run into the resource access anymore.

References

Link	Tags
https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5	patch
https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f	patch
https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9	patch

Frequently Asked Questions

What is the severity of CVE-2024-27049?: CVE-2024-27049 has been scored as a high severity vulnerability.
How to fix CVE-2024-27049?: To fix CVE-2024-27049, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27049 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-27049 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27049?: CVE-2024-27049 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions