CVE-2024-42232
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Aug 7, 2024
Updated: Aug 8, 2024
CWE ID 416
Summary
CVE-2024-42232: A vulnerability in the Linux kernel's libceph component has been identified and addressed. The issue lies in the handling of delayed work within ceph_monc_stop(). This process is susceptible to races with mon_fault() and finish_hunting(), leading to use-after-free vulnerabilities in monc and associated objects. To mitigate this, monc->cur_mon and monc->hunting are cleared in ceph_monc_stop(), and delayed_work() is exited if monc->cur_mon is cleared. Additionally, cancel_delayed_work_sync() is invoked following session closure.
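The ordering problem described in the summary can be replayed deterministically in a small single-threaded userspace model. This is an added example, not kernel code and not part of the original advisory. The `model_*` names, the struct layout, and the assumption that the two handlers re-queue the work only while `cur_mon` or `hunting` is still set are illustrative.

```c
#include <stdbool.h>

/* Single-threaded userspace model, not kernel code. All model_* names are
 * hypothetical stand-ins for the functions and fields named in the summary. */
struct model_monc {
    int  cur_mon;   /* -1 models "cleared" */
    bool hunting;
    bool queued;    /* delayed work is pending */
    bool stopped;   /* stop has returned; monc may be freed */
};

/* Models mon_fault() and finish_hunting() firing. Assumption: each re-queues
 * the work only while the state it tests (cur_mon, hunting) is still set. */
static void model_handlers_fire(struct model_monc *m)
{
    if (m->cur_mon >= 0)
        m->queued = true;       /* mon_fault() path */
    if (m->hunting) {
        m->hunting = false;     /* finish_hunting() path */
        m->queued = true;
    }
}

/* Returns true when the work body would run against a stopped monc. */
static bool model_delayed_work(struct model_monc *m, bool patched)
{
    m->queued = false;
    if (patched && m->cur_mon < 0)
        return false;           /* fix: exit once cur_mon is cleared */
    m->queued = true;           /* the work re-arms itself */
    return m->stopped;
}

/* Replays one interleaving: both handlers fire while stop is in progress. */
static bool stale_work_after_stop(bool patched)
{
    struct model_monc m = { .cur_mon = 0, .hunting = true, .queued = true };

    if (!patched)
        m.queued = false;       /* old order: cancel before session close */
    model_handlers_fire(&m);    /* handlers race in and re-queue the work */
    m.cur_mon = -1;             /* session closed, cur_mon cleared */
    if (patched) {
        m.hunting = false;      /* fix: also clear hunting ... */
        m.queued = false;       /* ... and cancel after session close */
    }
    m.stopped = true;
    return m.queued && model_delayed_work(&m, patched);
}
```

With the old ordering the replay ends with work still queued against a stopped `monc`; with the patched ordering nothing is left pending, and a work item already in flight exits without re-arming.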