Bug 2348513 (CVE-2024-58002)
| Summary: | CVE-2024-58002 kernel: media: uvcvideo: Remove dangling pointers | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | dfreiber, drow, jburrell, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A dangling pointer vulnerability was found in the Linux kernel. When an async control is written, a copy of a pointer is made in the file handle that started the operation. If the user closes that file descriptor, its structure will be freed and there will be one dangling pointer per pending async control that the driver will try to use, leading to denial of service of the system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-02-27 03:01:22 UTC
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025022654-CVE-2024-58002-6f93@gregkh/T This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:11299 https://access.redhat.com/errata/RHSA-2025:11299 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:11298 https://access.redhat.com/errata/RHSA-2025:11298 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:11411 https://access.redhat.com/errata/RHSA-2025:11411 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:11428 https://access.redhat.com/errata/RHSA-2025:11428 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:13029 https://access.redhat.com/errata/RHSA-2025:13029 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:13030 https://access.redhat.com/errata/RHSA-2025:13030 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:13061 https://access.redhat.com/errata/RHSA-2025:13061 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2025:13120 https://access.redhat.com/errata/RHSA-2025:13120 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:13135 https://access.redhat.com/errata/RHSA-2025:13135 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:13633 https://access.redhat.com/errata/RHSA-2025:13633 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:13776 https://access.redhat.com/errata/RHSA-2025:13776 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:13781 https://access.redhat.com/errata/RHSA-2025:13781 |