CVE-2024-35887

Published: May 19, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved:

ax25: fix use-after-free bugs caused by ax25_ds_del_timer

When the ax25 device is detaching, the ax25_dev_device_down() calls ax25_ds_del_timer() to clean up the slave_timer. When the timer handler is running, the ax25_ds_del_timer() that calls del_timer() in it will return directly. As a result, the use-after-free bugs could happen. One of the scenarios is shown below:

      (Thread 1)          |      (Thread 2)
                          | ax25_ds_timeout()
ax25_dev_device_down()    |
ax25_ds_del_timer()       |
del_timer()               |
ax25_dev_put() //FREE     |
                          | ax25_dev-> //USE

In order to mitigate bugs, when the device is detaching, use timer_shutdown_sync() to stop the timer.

Vendor: Linux
Product: Linux
Versions:
affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 74204bf9050f7627aead9875fe4e07ba125cb19b
affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < c6a368f9c7af4c14b14d390c2543af8001c9bdb9
affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < fd819ad3ecf6f3c232a06b27423ce9ed8c20da89

Vendor: Linux
Product: Linux
Versions:
affected: 2.6.12
unaffected: 0 - < 2.6.12
unaffected: 6.6.26 - <= 6.6.*
unaffected: 6.8.5 - <= 6.8.*
unaffected: 6.9 - <= *
