Vulnerability DatabaseCVE-2024-27394
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-27394
May 09, 2024
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe.
Related ResourcesĀ (5)
https://git.kernel.org/stable/c/80e679b352c3ce5158f3f778cfb77eb767e586fb
https://git.kernel.org/stable/c/ca4fb6c6764b3f75b4f5aa81db1536291897ff7f
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
https://nvd.nist.gov/vuln/detail/CVE-2024-27394
https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27394.json
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.5
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Use After Free
CWE-416
EPSS
Base Score:
0.02