VYPR
← All advisories
High severity7.8NVD Advisory· Published Sep 4, 2024· Updated Apr 9, 2026

CVE-2024-44974

CVE-2024-44974

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: avoid possible UaF when selecting endp

select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, reading info could cause a Use-after-Free.

A simple solution is to copy the required info while inside the RCU protected section to avoid any risk of UaF later. The address ID might need to be modified later to handle the ID0 case later, so a copy seems OK to deal with.

Affected products

6
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • Linux/Kernel5 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.7,<5.10.226
    • cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*

Patches

6
ddee5b4b6a1c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
f2c865e9e3ca
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
2b4f46f95036
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
9a9afbbc3fbf
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
0201d65d9806
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
48e50dcbcbaa
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.