CVE-2024-38385

Published: Jun 25, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the descriptor can be freed between mt_find() and the dereference: CPU0 CPU1 desc = mt_find() delayed_free_desc(desc) irq_desc_get_irq(desc) The use-after-free is reported by KASAN: Call trace: irq_get_next_irq+0x58/0x84 show_stat+0x638/0x824 seq_read_iter+0x158/0x4ec proc_reg_read_iter+0x94/0x12c vfs_read+0x1e0/0x2c8 Freed by task 4471: slab_free_freelist_hook+0x174/0x1e0 __kmem_cache_free+0xa4/0x1dc kfree+0x64/0x128 irq_kobj_release+0x28/0x3c kobject_put+0xcc/0x1e0 delayed_free_desc+0x14/0x2c rcu_do_batch+0x214/0x720 Guard the access with a RCU read lock section.

Vendor	Product	Versions
Linux	Linux	affected `721255b9826bd11c7a38b585905fc2dd0fb94e52 - < 1c7891812d85500ae2ca4051fa5683fcf29930d8` affected `721255b9826bd11c7a38b585905fc2dd0fb94e52 - < d084aa022f84319f8079e30882cbcbc026af9f21` affected `721255b9826bd11c7a38b585905fc2dd0fb94e52 - < b84a8aba806261d2f759ccedf4a2a6a80a5e55ba`
Linux	Linux	affected `6.5` unaffected `0 - < 6.5` unaffected `6.6.34 - <= 6.6.` unaffected `6.9.5 - <= 6.9.` unaffected `6.10 - <= *`

References

https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8

https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21

https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-38385

Description

Affected Products

References