VDB

DEBIAN-CVE-2024-27396

DEBIAN-CVE-2024-27396 PUBLISHED CVSS 7.800000190734863 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:14linux0, 0
Debian:13linux0, 0
Debian:11linux5.10.148-1, 5.10.92-1, 5.10.92-1~bpo10+1
Debian:12linux6.1.38-2, 6.1.38-2~bpo11+1, 6.1.38-3

Timeline

  • May 14, 2024 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›