CVE-2024-38385 - Vulnerability Details

- genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()

Description

In the Linux kernel, the following vulnerability has been resolved:

genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()

irq_find_at_or_after() dereferences the interrupt descriptor which is
returned by mt_find() while neither holding sparse_irq_lock nor RCU read
lock, which means the descriptor can be freed between mt_find() and the
dereference:

CPU0 CPU1
desc = mt_find()
delayed_free_desc(desc)
irq_desc_get_irq(desc)

The use-after-free is reported by KASAN:

Call trace:
irq_get_next_irq+0x58/0x84
show_stat+0x638/0x824
seq_read_iter+0x158/0x4ec
proc_reg_read_iter+0x94/0x12c
vfs_read+0x1e0/0x2c8

Freed by task 4471:
slab_free_freelist_hook+0x174/0x1e0
__kmem_cache_free+0xa4/0x1dc
kfree+0x64/0x128
irq_kobj_release+0x28/0x3c
kobject_put+0xcc/0x1e0
delayed_free_desc+0x14/0x2c
rcu_do_batch+0x214/0x720

Guard the access with a RCU read lock section.

Published: 2024-06-25

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`721255b9826bd11c7a38b585905fc2dd0fb94e52`	affected	< 1c7891812d85500ae2ca4051fa5683fcf29930d8
`721255b9826bd11c7a38b585905fc2dd0fb94e52`	affected	< d084aa022f84319f8079e30882cbcbc026af9f21
`721255b9826bd11c7a38b585905fc2dd0fb94e52`	affected	< b84a8aba806261d2f759ccedf4a2a6a80a5e55ba

Linux

affected

Version	Status	Constraints
`6.5`	affected	—
`0`	unaffected	< 6.5
`6.6.34`	unaffected	≤ 6.6.*
`6.9.5`	unaffected	≤ 6.9.*
`6.10`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Ubuntu USN	USN-6999-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6999-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7004-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7005-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7005-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7008-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7029-1	Linux kernel vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8
https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba
https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21
https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-38385-4b3a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-38385
https://www.cve.org/CVERecord?id=CVE-2024-38385

History

Tue, 05 Nov 2024 10:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 03 Sep 2024 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-25T14:22:37.560Z

Updated: 2026-05-11T20:18:33.139Z

Reserved: 2024-06-24T13:54:11.033Z

Link: CVE-2024-38385

Vulnrichment

Updated: 2024-08-02T04:04:25.138Z

NVD

Status : Modified

Published: 2024-06-25T15:15:13.487

Modified: 2024-11-21T09:25:33.840

Link: CVE-2024-38385

Redhat

Severity : Low

Publid Date: 2024-06-25T00:00:00Z

Links: CVE-2024-38385 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-416

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object