CVE-2024-46674

Summary

CVE-2024-46674 is a vulnerability found in the Linux kernel affecting devices utilizing the DWC3 USB controller, where improper reference counting during error handling can lead to use-after-free conditions. This flaw may result in premature release of device resources, which could allow for unauthorized access or manipulation of sensitive data due to its high impact on integrity and confidentiality. To remediate this issue, users are advised to apply the available patches linked in the kernel's stable repository. The vulnerability has a CVSS base score of 7.8, indicating a high severity level that poses significant risks when exploited locally with low privileges required. Organizations using affected Linux kernel versions should prioritize patching to mitigate potential threats associated with this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.