CVE-2024-44934
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-44934 is a vulnerability in the Linux kernel, affecting various products, that can lead to a use-after-free condition in the bridge multicast handling code. It arises when a port is removed before the garbage collection process has completed, so a freed port can still be accessed while its timers are running. The issue is rated high severity, with a CVSS score of 7.8, reflecting its low attack complexity and local exploitability and the resulting risk of unauthorized access to or manipulation of sensitive data. The remediation is to ensure that all previous garbage collection cycles have finished by calling flush_work before ports are freed. Organizations using affected Linux kernel versions should apply patches available from official sources to mitigate the risk.