In the Linux kernel, the following vulnerability has been resolved:

crypto: iaa - Fix potential use after free bug

The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it is passed to iaa_compression_modes[i]->free() a few lines later resulting in a use after free.

The good news is that, so far as I can tell, nothing implements the ->free() function and the use after free happens in dead code. But, with this fix, when something does implement it, we'll be ready. :)
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024102106-CVE-2024-47732-f8aa@gregkh/T
This code is not reachable since it is not called anywhere, as shown in the description of the issue from the kernel mailing list, as well as in the three commits where the issue has been fixed:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c66f0be993ba52410edab06124c54ecf143b05c1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209

To be on the safe side, in case we missed this function call at any point between its introduction in 6.8 via commit b5d534b473e2 and its fix in 6.10.13, 6.11.2 and 6.12-rc1, in any possible forked code, or in case it is exploited via another buffer overflow, we would keep this as a low-probability flaw which most likely would never happen.
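The ordering problem described in the commit message, as an added userspace model (not kernel code and not the upstream patch). All names here (`teardown`, `mode_release`, `mode_free_hook`, `mode_ops`) are hypothetical, and a `live` flag in static storage stands in for allocation state so the check itself never touches freed memory.

```c
/* Userspace model, added example: not kernel code; all names hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* "live" models allocation state so the hook can test it without
 * touching freed heap memory (the pool has static storage). */
struct device_mode { bool live; };
static struct device_mode pool[1];
static int stale_uses;   /* times a hook ran on a released object */

/* Stand-in for free_device_compression_mode(): object is gone afterwards. */
static void mode_release(struct device_mode *m) { m->live = false; }

/* Stand-in for an optional per-mode ->free() hook that reads device_mode. */
static void mode_free_hook(struct device_mode *m)
{
    if (!m->live)
        stale_uses++;    /* in the kernel this would be a use after free */
}

struct mode_ops { void (*free)(struct device_mode *m); };

/* Teardown in either order; returns how many stale uses the hook made. */
static int teardown(const struct mode_ops *ops, bool release_first)
{
    struct device_mode *m = &pool[0];

    m->live = true;
    stale_uses = 0;
    if (release_first)
        mode_release(m);         /* ordering the advisory describes */
    if (ops->free)
        ops->free(m);            /* hook is optional, may be NULL */
    if (!release_first)
        mode_release(m);         /* safe ordering: release last */
    return stale_uses;
}

int main(void)
{
    struct mode_ops none = { NULL }, hooked = { mode_free_hook };

    printf("no hook, release first: %d\n", teardown(&none, true));
    printf("hook,    release first: %d\n", teardown(&hooked, true));
    printf("hook,    release last:  %d\n", teardown(&hooked, false));
    return 0;
}
```

With no hook registered the two orderings are indistinguishable, which matches the commit message's observation that the flaw sits in dead code until something implements `->free()`.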