CVE-2024-57979 (GCVE-0-2024-57979)
Vulnerability from cvelistv5
Published
2025-02-27 02:07
Modified
2025-05-04 13:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called. WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150 CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1 Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : kobject_put+0x120/0x150 lr : kobject_put+0x120/0x150 sp : ffffffc0803d3ae0 x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001 x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440 x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600 x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20 x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: kobject_put+0x120/0x150 cdev_put+0x20/0x3c __fput+0x2c4/0x2d8 ____fput+0x1c/0x38 task_work_run+0x70/0xfc do_exit+0x2a0/0x924 do_group_exit+0x34/0x90 get_signal+0x7fc/0x8c0 do_signal+0x128/0x13b4 do_notify_resume+0xdc/0x160 el0_svc+0xd4/0xf8 el0t_64_sync_handler+0x140/0x14c el0t_64_sync+0x190/0x194 ---[ end trace 0000000000000000 ]--- ...followed by more symptoms of corruption, with similar stacks: refcount_t: underflow; use-after-free. kernel BUG at lib/list_debug.c:62! Kernel panic - not syncing: Oops - BUG: Fatal exception This happens because pps_device_destruct() frees the pps_device with the embedded cdev immediately after calling cdev_del(), but, as the comment above cdev_del() notes, fops for previously opened cdevs are still callable even after cdev_del() returns. I think this bug has always been there: I can't explain why it suddenly started happening every time I reboot this particular board. In commit d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source."), George Spelvin suggested removing the embedded cdev. That seems like the simplest way to fix this, so I've implemented his suggestion, using __register_chrdev() with pps_idr becoming the source of truth for which minor corresponds to which device. But now that pps_idr defines userspace visibility instead of cdev_add(), we need to be sure the pps->dev refcount can't reach zero while userspace can still find it again. So, the idr_remove() call moves to pps_unregister_cdev(), and pps_idr now holds a reference to pps->dev. pps_core: source serial1 got cdev (251:1) <...> pps pps1: removed pps_core: unregistering pps1 pps_core: deallocating pps1
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1a7735ab2cb9747518a7416fb5929e85442dec62Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/785c78ed0d39d1717cca3ef931d3e51337b5e90ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7e5ee3281dc09014367f5112b6d566ba36ea2d49Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/85241f7de216f8298f6e48540ea13d7dcd100870Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/91932db1d96b2952299ce30c1c693d834d10ace6Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c4041b6b0a7a3def8cf3f3d6120ff337bc4c40f7Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c79a39dc8d060b9e64e8b0fa9d245d44befeefbePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cd3bbcb6b3a7caa5ce67de76723b6d8531fb7f64Patch
Impacted products
Vendor Product Version
Linux Linux Version: d953e0e837e65ecc1ddaa4f9560f7925878a0de6
Version: d953e0e837e65ecc1ddaa4f9560f7925878a0de6
Version: d953e0e837e65ecc1ddaa4f9560f7925878a0de6
Version: d953e0e837e65ecc1ddaa4f9560f7925878a0de6
Version: d953e0e837e65ecc1ddaa4f9560f7925878a0de6
Version: d953e0e837e65ecc1ddaa4f9560f7925878a0de6
Version: d953e0e837e65ecc1ddaa4f9560f7925878a0de6
Version: d953e0e837e65ecc1ddaa4f9560f7925878a0de6
Version: 77327a71f9841b7dfa708195d1cb133d4ef4a989
Version: cd59fb14918a6b20c1ac8be121fa6397b97b00cb
Version: 49626fbb0360332e40fd76a48cb2ba876d6134ad
 Create a notification for this product.
   Linux Linux Version: 3.9
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57979",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T18:14:45.747533Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T18:22:30.363Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pps/clients/pps-gpio.c",
            "drivers/pps/clients/pps-ktimer.c",
            "drivers/pps/clients/pps-ldisc.c",
            "drivers/pps/clients/pps_parport.c",
            "drivers/pps/kapi.c",
            "drivers/pps/kc.c",
            "drivers/pps/pps.c",
            "drivers/ptp/ptp_ocp.c",
            "include/linux/pps_kernel.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "785c78ed0d39d1717cca3ef931d3e51337b5e90e",
              "status": "affected",
              "version": "d953e0e837e65ecc1ddaa4f9560f7925878a0de6",
              "versionType": "git"
            },
            {
              "lessThan": "1a7735ab2cb9747518a7416fb5929e85442dec62",
              "status": "affected",
              "version": "d953e0e837e65ecc1ddaa4f9560f7925878a0de6",
              "versionType": "git"
            },
            {
              "lessThan": "c4041b6b0a7a3def8cf3f3d6120ff337bc4c40f7",
              "status": "affected",
              "version": "d953e0e837e65ecc1ddaa4f9560f7925878a0de6",
              "versionType": "git"
            },
            {
              "lessThan": "91932db1d96b2952299ce30c1c693d834d10ace6",
              "status": "affected",
              "version": "d953e0e837e65ecc1ddaa4f9560f7925878a0de6",
              "versionType": "git"
            },
            {
              "lessThan": "cd3bbcb6b3a7caa5ce67de76723b6d8531fb7f64",
              "status": "affected",
              "version": "d953e0e837e65ecc1ddaa4f9560f7925878a0de6",
              "versionType": "git"
            },
            {
              "lessThan": "7e5ee3281dc09014367f5112b6d566ba36ea2d49",
              "status": "affected",
              "version": "d953e0e837e65ecc1ddaa4f9560f7925878a0de6",
              "versionType": "git"
            },
            {
              "lessThan": "85241f7de216f8298f6e48540ea13d7dcd100870",
              "status": "affected",
              "version": "d953e0e837e65ecc1ddaa4f9560f7925878a0de6",
              "versionType": "git"
            },
            {
              "lessThan": "c79a39dc8d060b9e64e8b0fa9d245d44befeefbe",
              "status": "affected",
              "version": "d953e0e837e65ecc1ddaa4f9560f7925878a0de6",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "77327a71f9841b7dfa708195d1cb133d4ef4a989",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "cd59fb14918a6b20c1ac8be121fa6397b97b00cb",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "49626fbb0360332e40fd76a48cb2ba876d6134ad",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pps/clients/pps-gpio.c",
            "drivers/pps/clients/pps-ktimer.c",
            "drivers/pps/clients/pps-ldisc.c",
            "drivers/pps/clients/pps_parport.c",
            "drivers/pps/kapi.c",
            "drivers/pps/kc.c",
            "drivers/pps/pps.c",
            "drivers/ptp/ptp_ocp.c",
            "include/linux/pps_kernel.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.129",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.291",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.235",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.129",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.76",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.13",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.2",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.2.40",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.4.87",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.8.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n    pps pps1: removed\n    ------------[ cut here ]------------\n    kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n    WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n    CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n    Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n    pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n    pc : kobject_put+0x120/0x150\n    lr : kobject_put+0x120/0x150\n    sp : ffffffc0803d3ae0\n    x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n    x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n    x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n    x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n    x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n    x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n    x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n    x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n    x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n    x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n    Call trace:\n     kobject_put+0x120/0x150\n     cdev_put+0x20/0x3c\n     __fput+0x2c4/0x2d8\n     ____fput+0x1c/0x38\n     task_work_run+0x70/0xfc\n     do_exit+0x2a0/0x924\n     do_group_exit+0x34/0x90\n     get_signal+0x7fc/0x8c0\n     do_signal+0x128/0x13b4\n     do_notify_resume+0xdc/0x160\n     el0_svc+0xd4/0xf8\n     el0t_64_sync_handler+0x140/0x14c\n     el0t_64_sync+0x190/0x194\n    ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n    refcount_t: underflow; use-after-free.\n    kernel BUG at lib/list_debug.c:62!\n    Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n    pps_core: source serial1 got cdev (251:1)\n    \u003c...\u003e\n    pps pps1: removed\n    pps_core: unregistering pps1\n    pps_core: deallocating pps1"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:01:47.796Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/785c78ed0d39d1717cca3ef931d3e51337b5e90e"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a7735ab2cb9747518a7416fb5929e85442dec62"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4041b6b0a7a3def8cf3f3d6120ff337bc4c40f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/91932db1d96b2952299ce30c1c693d834d10ace6"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd3bbcb6b3a7caa5ce67de76723b6d8531fb7f64"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e5ee3281dc09014367f5112b6d566ba36ea2d49"
        },
        {
          "url": "https://git.kernel.org/stable/c/85241f7de216f8298f6e48540ea13d7dcd100870"
        },
        {
          "url": "https://git.kernel.org/stable/c/c79a39dc8d060b9e64e8b0fa9d245d44befeefbe"
        }
      ],
      "title": "pps: Fix a use-after-free",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57979",
    "datePublished": "2025-02-27T02:07:06.168Z",
    "dateReserved": "2025-02-27T02:04:28.912Z",
    "dateUpdated": "2025-05-04T13:01:47.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-57979\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-27T02:15:11.087\",\"lastModified\":\"2025-03-24T19:32:48.477\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\npps: Fix a use-after-free\\n\\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\\nin sys_exit() from gpsd when rebooting:\\n\\n    pps pps1: removed\\n    ------------[ cut here ]------------\\n    kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\\n    WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\\n    CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\\n    Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\\n    pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n    pc : kobject_put+0x120/0x150\\n    lr : kobject_put+0x120/0x150\\n    sp : ffffffc0803d3ae0\\n    x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\\n    x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\\n    x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\\n    x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\\n    x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\\n    x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\\n    x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\\n    x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\\n    x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\\n    x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\\n    Call trace:\\n     kobject_put+0x120/0x150\\n     cdev_put+0x20/0x3c\\n     __fput+0x2c4/0x2d8\\n     ____fput+0x1c/0x38\\n     task_work_run+0x70/0xfc\\n     do_exit+0x2a0/0x924\\n     do_group_exit+0x34/0x90\\n     get_signal+0x7fc/0x8c0\\n     do_signal+0x128/0x13b4\\n     do_notify_resume+0xdc/0x160\\n     el0_svc+0xd4/0xf8\\n     el0t_64_sync_handler+0x140/0x14c\\n     el0t_64_sync+0x190/0x194\\n    ---[ end trace 0000000000000000 ]---\\n\\n...followed by more symptoms of corruption, with similar stacks:\\n\\n    refcount_t: underflow; use-after-free.\\n    kernel BUG at lib/list_debug.c:62!\\n    Kernel panic - not syncing: Oops - BUG: Fatal exception\\n\\nThis happens because pps_device_destruct() frees the pps_device with the\\nembedded cdev immediately after calling cdev_del(), but, as the comment\\nabove cdev_del() notes, fops for previously opened cdevs are still\\ncallable even after cdev_del() returns. I think this bug has always\\nbeen there: I can\u0027t explain why it suddenly started happening every time\\nI reboot this particular board.\\n\\nIn commit d953e0e837e6 (\\\"pps: Fix a use-after free bug when\\nunregistering a source.\\\"), George Spelvin suggested removing the\\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\\nimplemented his suggestion, using __register_chrdev() with pps_idr\\nbecoming the source of truth for which minor corresponds to which\\ndevice.\\n\\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\\nuserspace can still find it again. So, the idr_remove() call moves to\\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\\n\\n    pps_core: source serial1 got cdev (251:1)\\n    \u003c...\u003e\\n    pps pps1: removed\\n    pps_core: unregistering pps1\\n    pps_core: deallocating pps1\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pps: Se corrige un error de use after free. En una placa que ejecuta ntpd y gpsd, veo un error de use after free constante en sys_exit() desde gpsd al reiniciar: pps pps1: eliminado ------------[ cortar aqu\u00ed ]------------ kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called. WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150 CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1 Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : kobject_put+0x120/0x150 lr : kobject_put+0x120/0x150 sp : ffffffc0803d3ae0 x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001 x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440 x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600 x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20 x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: kobject_put+0x120/0x150 cdev_put+0x20/0x3c __fput+0x2c4/0x2d8 ____fput+0x1c/0x38 task_work_run+0x70/0xfc do_exit+0x2a0/0x924 do_group_exit+0x34/0x90 get_signal+0x7fc/0x8c0 do_signal+0x128/0x13b4 do_notify_resume+0xdc/0x160 el0_svc+0xd4/0xf8 el0t_64_sync_handler+0x140/0x14c el0t_64_sync+0x190/0x194 ---[ end trace 0000000000000000 ]--- ...seguido de m\u00e1s s\u00edntomas de corrupci\u00f3n, con pilas similares: refcount_t: desbordamiento; use after free. \u00a1ERROR del kernel en lib/list_debug.c:62! P\u00e1nico del kernel - no sincroniza: Vaya - ERROR: Excepci\u00f3n fatal Esto sucede porque pps_device_destruct() libera el pps_device con el cdev integrado inmediatamente despu\u00e9s de llamar a cdev_del(), pero, como se\u00f1ala el comentario anterior a cdev_del(), los fops para cdevs abiertos previamente a\u00fan se pueden llamar incluso despu\u00e9s de que cdev_del() regrese. Creo que este error siempre ha estado ah\u00ed: no puedo explicar por qu\u00e9 de repente empez\u00f3 a suceder cada vez que reinicio esta placa en particular. En el commit d953e0e837e6 (\\\"pps: Arreglar un error de use after free al anular el registro de una fuente\\\"), George Spelvin sugiri\u00f3 eliminar el cdev integrado. Esa parece la forma m\u00e1s sencilla de solucionarlo, as\u00ed que he implementado su sugerencia, utilizando __register_chrdev() con pps_idr convirti\u00e9ndose en la fuente de verdad para la cual el menor corresponde a qu\u00e9 dispositivo. Pero ahora que pps_idr define la visibilidad del espacio de usuario en lugar de cdev_add(), debemos asegurarnos de que el recuento de referencias pps-\u0026gt;dev no pueda llegar a cero mientras que el espacio de usuario a\u00fan pueda encontrarlo de nuevo. Entonces, la llamada idr_remove() se mueve a pps_unregister_cdev(), y pps_idr ahora contiene una referencia a pps-\u0026gt;dev. pps_core: la fuente serial1 obtuvo cdev (251:1) \u0026lt;...\u0026gt; pps pps1: eliminado pps_core: anulando el registro de pps1 pps_core: desasignando pps1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.2.40\",\"versionEndExcluding\":\"3.3\",\"matchCriteriaId\":\"F30D9EA1-4994-473E-A545-65A9115E1E8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.87\",\"versionEndExcluding\":\"3.5\",\"matchCriteriaId\":\"82A29D36-DB24-4F3A-B7BE-9EA0D97422CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.8.1\",\"versionEndExcluding\":\"5.4.291\",\"matchCriteriaId\":\"98C64726-8808-4F3E-A113-B248DE97B184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.235\",\"matchCriteriaId\":\"545121FA-DE31-4154-9446-C2000FB4104D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.179\",\"matchCriteriaId\":\"C708062C-4E1B-465F-AE6D-C09C46400875\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.129\",\"matchCriteriaId\":\"2DA5009C-C9B9-4A1D-9B96-78427E8F232C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.76\",\"matchCriteriaId\":\"A6D70701-9CB6-4222-A957-00A419878993\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.13\",\"matchCriteriaId\":\"2897389C-A8C3-4D69-90F2-E701B3D66373\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.13.2\",\"matchCriteriaId\":\"6D4116B1-1BFD-4F23-BA84-169CC05FC5A3\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1a7735ab2cb9747518a7416fb5929e85442dec62\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/785c78ed0d39d1717cca3ef931d3e51337b5e90e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7e5ee3281dc09014367f5112b6d566ba36ea2d49\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/85241f7de216f8298f6e48540ea13d7dcd100870\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/91932db1d96b2952299ce30c1c693d834d10ace6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c4041b6b0a7a3def8cf3f3d6120ff337bc4c40f7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c79a39dc8d060b9e64e8b0fa9d245d44befeefbe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cd3bbcb6b3a7caa5ce67de76723b6d8531fb7f64\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-57979\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-27T18:14:45.747533Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-27T18:14:46.978Z\"}}], \"cna\": {\"title\": \"pps: Fix a use-after-free\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"d953e0e837e65ecc1ddaa4f9560f7925878a0de6\", \"lessThan\": \"785c78ed0d39d1717cca3ef931d3e51337b5e90e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d953e0e837e65ecc1ddaa4f9560f7925878a0de6\", \"lessThan\": \"1a7735ab2cb9747518a7416fb5929e85442dec62\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d953e0e837e65ecc1ddaa4f9560f7925878a0de6\", \"lessThan\": \"c4041b6b0a7a3def8cf3f3d6120ff337bc4c40f7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d953e0e837e65ecc1ddaa4f9560f7925878a0de6\", \"lessThan\": \"91932db1d96b2952299ce30c1c693d834d10ace6\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d953e0e837e65ecc1ddaa4f9560f7925878a0de6\", \"lessThan\": \"cd3bbcb6b3a7caa5ce67de76723b6d8531fb7f64\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d953e0e837e65ecc1ddaa4f9560f7925878a0de6\", \"lessThan\": \"7e5ee3281dc09014367f5112b6d566ba36ea2d49\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d953e0e837e65ecc1ddaa4f9560f7925878a0de6\", \"lessThan\": \"85241f7de216f8298f6e48540ea13d7dcd100870\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d953e0e837e65ecc1ddaa4f9560f7925878a0de6\", \"lessThan\": \"c79a39dc8d060b9e64e8b0fa9d245d44befeefbe\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/pps/clients/pps-gpio.c\", \"drivers/pps/clients/pps-ktimer.c\", \"drivers/pps/clients/pps-ldisc.c\", \"drivers/pps/clients/pps_parport.c\", \"drivers/pps/kapi.c\", \"drivers/pps/kc.c\", \"drivers/pps/pps.c\", \"drivers/ptp/ptp_ocp.c\", \"include/linux/pps_kernel.h\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.9\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"3.9\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.4.291\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.235\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.179\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.129\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.76\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.13.*\"}, {\"status\": \"unaffected\", \"version\": \"6.14\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/pps/clients/pps-gpio.c\", \"drivers/pps/clients/pps-ktimer.c\", \"drivers/pps/clients/pps-ldisc.c\", \"drivers/pps/clients/pps_parport.c\", \"drivers/pps/kapi.c\", \"drivers/pps/kc.c\", \"drivers/pps/pps.c\", \"drivers/ptp/ptp_ocp.c\", \"include/linux/pps_kernel.h\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/785c78ed0d39d1717cca3ef931d3e51337b5e90e\"}, {\"url\": \"https://git.kernel.org/stable/c/1a7735ab2cb9747518a7416fb5929e85442dec62\"}, {\"url\": \"https://git.kernel.org/stable/c/c4041b6b0a7a3def8cf3f3d6120ff337bc4c40f7\"}, {\"url\": \"https://git.kernel.org/stable/c/91932db1d96b2952299ce30c1c693d834d10ace6\"}, {\"url\": \"https://git.kernel.org/stable/c/cd3bbcb6b3a7caa5ce67de76723b6d8531fb7f64\"}, {\"url\": \"https://git.kernel.org/stable/c/7e5ee3281dc09014367f5112b6d566ba36ea2d49\"}, {\"url\": \"https://git.kernel.org/stable/c/85241f7de216f8298f6e48540ea13d7dcd100870\"}, {\"url\": \"https://git.kernel.org/stable/c/c79a39dc8d060b9e64e8b0fa9d245d44befeefbe\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\npps: Fix a use-after-free\\n\\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\\nin sys_exit() from gpsd when rebooting:\\n\\n    pps pps1: removed\\n    ------------[ cut here ]------------\\n    kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\\n    WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\\n    CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\\n    Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\\n    pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n    pc : kobject_put+0x120/0x150\\n    lr : kobject_put+0x120/0x150\\n    sp : ffffffc0803d3ae0\\n    x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\\n    x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\\n    x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\\n    x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\\n    x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\\n    x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\\n    x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\\n    x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\\n    x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\\n    x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\\n    Call trace:\\n     kobject_put+0x120/0x150\\n     cdev_put+0x20/0x3c\\n     __fput+0x2c4/0x2d8\\n     ____fput+0x1c/0x38\\n     task_work_run+0x70/0xfc\\n     do_exit+0x2a0/0x924\\n     do_group_exit+0x34/0x90\\n     get_signal+0x7fc/0x8c0\\n     do_signal+0x128/0x13b4\\n     do_notify_resume+0xdc/0x160\\n     el0_svc+0xd4/0xf8\\n     el0t_64_sync_handler+0x140/0x14c\\n     el0t_64_sync+0x190/0x194\\n    ---[ end trace 0000000000000000 ]---\\n\\n...followed by more symptoms of corruption, with similar stacks:\\n\\n    refcount_t: underflow; use-after-free.\\n    kernel BUG at lib/list_debug.c:62!\\n    Kernel panic - not syncing: Oops - BUG: Fatal exception\\n\\nThis happens because pps_device_destruct() frees the pps_device with the\\nembedded cdev immediately after calling cdev_del(), but, as the comment\\nabove cdev_del() notes, fops for previously opened cdevs are still\\ncallable even after cdev_del() returns. I think this bug has always\\nbeen there: I can\u0027t explain why it suddenly started happening every time\\nI reboot this particular board.\\n\\nIn commit d953e0e837e6 (\\\"pps: Fix a use-after free bug when\\nunregistering a source.\\\"), George Spelvin suggested removing the\\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\\nimplemented his suggestion, using __register_chrdev() with pps_idr\\nbecoming the source of truth for which minor corresponds to which\\ndevice.\\n\\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\\nuserspace can still find it again. So, the idr_remove() call moves to\\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\\n\\n    pps_core: source serial1 got cdev (251:1)\\n    \u003c...\u003e\\n    pps pps1: removed\\n    pps_core: unregistering pps1\\n    pps_core: deallocating pps1\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.291\", \"versionStartIncluding\": \"3.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.235\", \"versionStartIncluding\": \"3.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.179\", \"versionStartIncluding\": \"3.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.129\", \"versionStartIncluding\": \"3.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.76\", \"versionStartIncluding\": \"3.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.13\", \"versionStartIncluding\": \"3.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13.2\", \"versionStartIncluding\": \"3.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.14\", \"versionStartIncluding\": \"3.9\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"3.2.40\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"3.4.87\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"3.8.1\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T10:07:36.664Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-57979\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T10:07:36.664Z\", \"dateReserved\": \"2025-02-27T02:04:28.912Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-02-27T02:07:06.168Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.