CVE-2024-44998

atm: idt77252: prevent use after free in dequeue_rx()

Description

In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d patch
https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1 patch
https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d patch
https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518 patch
https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55 patch
https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd patch
https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10 patch
https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79 patch

Frequently Asked Questions

What is the severity of CVE-2024-44998?
CVE-2024-44998 has been scored as a high severity vulnerability.
How to fix CVE-2024-44998?
To fix CVE-2024-44998, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-44998 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-44998 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-44998?
CVE-2024-44998 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.