CVERadar

CVE-2024-44946

High Severity
Linux
SVRS: 54/100
CVSSv3: 5.5/10
EPSS: 0.0029/1

CVE-2024-44946 describes a use-after-free vulnerability in the Linux kernel's kcm subsystem. This flaw can lead to a double-free condition, potentially causing a system crash or allowing for arbitrary code execution. Specifically, the issue occurs in the kcm_release() function when handling skb (socket buffer) unlinking.

CVE-2024-44946 is a critical vulnerability in the Linux kernel related to the kcm subsystem, which can lead to a use-after-free condition. Although the CVSS score is 5.5 (Medium), the SOCRadar Vulnerability Risk Score (SVRS) of 54 suggests a potentially higher real-world risk due to factors beyond the technical severity, warranting attention. The vulnerability allows for a double-free of skb data in the write queue. If exploited, the use-after-free can lead to system instability and potentially arbitrary code execution. The patch serializes kcm_sendmsg() to prevent concurrent access to the skb, mitigating the vulnerability. Organizations using affected Linux kernel versions should apply the provided patch as soon as possible to prevent potential exploitation.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2024-08-31

2024-09-04
SOCRadar AI Insight

Description:

CVE-2024-44946 is a use-after-free (UAF) vulnerability in the Linux kernel's kcm (Kernel Connection Multiplexor) module. It arises when multiple threads concurrently access and modify a socket buffer (skb) with the MSG_MORE flag set, leading to a double free of the skb. This can result in system crashes or arbitrary code execution.

Key Insights:

  • High Severity: The SVRS of 42 indicates a critical vulnerability that requires immediate attention.
  • Active Exploitation: The vulnerability is actively exploited in the wild, posing a significant threat to affected systems.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, urging organizations to patch their systems promptly.
  • Threat Actors: Specific threat actors or groups actively exploiting this vulnerability are not mentioned in the provided information.

Mitigation Strategies:

  • Apply Software Updates: Install the latest security patches from the Linux vendor to address the vulnerability.
  • Disable kcm Module: If possible, disable the kcm module until a patch is available.
  • Restrict Network Access: Limit network access to vulnerable systems to reduce the risk of exploitation.
  • Implement Intrusion Detection Systems (IDS): Deploy IDS to detect and block malicious activity targeting this vulnerability.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

USN-7144-1: Linux kernel (Intel IoTG) vulnerabilities
2024-12-09
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service (guest crash) or possibly execute arbitrary code. (CVE-2024-25744) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture
ubuntu.com
USN-7123-1: Linux kernel (Azure) vulnerabilities
2024-11-22
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6610) Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could
ubuntu.com
USN-7119-1: Linux kernel (IoT) vulnerabilities
2024-11-20
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36402) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - Android drivers; - Serial ATA and Parallel ATA drivers; - ATM drivers; - Drivers core; - CPU frequency scaling
ubuntu.com
USN-7088-5: Linux kernel vulnerabilities
2024-11-15
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36402) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - Android drivers; - Serial ATA and Parallel ATA drivers; - ATM drivers; - Drivers core; - CPU frequency scaling framework
ubuntu.com
USN-7100-2: Linux kernel vulnerabilities
2024-11-12
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service (guest crash) or possibly execute arbitrary code. (CVE-2024-25744) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture
ubuntu.com
USN-7100-1: Linux kernel vulnerabilities
2024-11-11
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service (guest crash) or possibly execute arbitrary code. (CVE-2024-25744) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture
ubuntu.com
USN-7088-4: Linux kernel vulnerabilities
2024-11-07
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36402) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - Android drivers; - Serial ATA and Parallel ATA drivers; - ATM drivers; - Drivers core; - CPU frequency scaling framework
ubuntu.com

Affected Software

Configuration 1
Type | Vendor | Product
OS | Linux | linux_kernel

References

Reference | Link
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e

CWE Details

CWE ID | CWE Name | Description
CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
