CVE-2024-27052

2024-05-0100:00:00

ubuntu.com

linux kernel

vulnerability

wifi driver

rtl8xxxu

use-after-free

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

10.3%

JSON

In the Linux kernel, the following vulnerability has been resolved: wifi:
rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still
be running, when the driver is stopped. To avoid a use-after-free, call
cancel_work_sync() in rtl8xxxu_stop().

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< 5.15.0-112.122UNKNOWN
ubuntu24.04noarchlinux< 6.8.0-35.35UNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1063.69UNKNOWN
ubuntu24.04noarchlinux-aws< 6.8.0-1009.9UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1063.69~20.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu20.04noarchlinux-azure< anyUNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1066.75UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-112.122	UNKNOWN
ubuntu	24.04	noarch	linux	< 6.8.0-35.35	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1063.69	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< 6.8.0-1009.9	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1063.69~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< 5.15.0-1066.75	UNKNOWN