CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure

Description

In the Linux kernel, the following vulnerability has been resolved:

net/ncsi: Disable the ncsi work before freeing the associated structure

The work function can run after the ncsi device is freed, resulting
in use-after-free bugs or kernel panic.

Classification

CVE ID: CVE-2024-49945

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 9.2% (scored less or equal to compared to others)

EPSS Date: 2025-06-02 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-49945
https://git.kernel.org/stable/c/f6ca58696749268181f43150b3553f2bafd71e42
https://git.kernel.org/stable/c/dd41dab62f32d9e9e0669af8459d12a93834b238
https://git.kernel.org/stable/c/a0ffa68c70b367358b2672cdab6fa5bc4c40de2c

Timeline