{"vulnerability": "CVE-2024-44934", "sightings": [{"uuid": "ba81de14-b615-4ce2-9c7d-2125beab91c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44934", "type": "seen", "source": "https://t.me/cvedetector/4116", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44934 - \"Fortinet Linux Kernel Bridge Multicast Use-After-Free Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-44934 \nPublished : Aug. 26, 2024, 11:15 a.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: bridge: mcast: wait for previous gc cycles when removing port  \n  \nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't  \nmake sure that all previous garbage has been collected when removing a  \nport. What happens is:  \n      CPU 1                   CPU 2  \n start gc cycle           remove port  \n                         acquire gc lock first  \n wait for lock  \n                         call br_multicasg_gc() directly  \n acquire lock now but    free port  \n the port can be freed  \n while grp timers still  \n running  \n  \nMake sure all previous gc cycles have finished by using flush_work before  \nfreeing the port.  \n  \n[1]  \n  BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861  \n  Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699  \n  \n  CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0  \n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024  \n  Call Trace:  \n     \n   __dump_stack lib/dump_stack.c:88 [inline]  \n   dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114  \n   print_address_description mm/kasan/report.c:377 [inline]  \n   print_report+0xc3/0x620 mm/kasan/report.c:488  \n   kasan_report+0xd9/0x110 mm/kasan/report.c:601  \n   br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861  \n   call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792  \n   expire_timers kernel/time/timer.c:1843 [inline]  \n   __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417  \n   __run_timer_base kernel/time/timer.c:2428 [inline]  \n   __run_timer_base kernel/time/timer.c:2421 [inline]  \n   run_timer_base+0x111/0x190 kernel/time/timer.c:2437 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-26T13:42:43.000000Z"}]}