In the Linux kernel, the following vulnerability has been...
High severity
Unreviewed
Published
May 21, 2024
to the GitHub Advisory Database
•
Updated Dec 26, 2024
Description
Published by the National Vulnerability Database
May 21, 2024
Published to the GitHub Advisory Database
May 21, 2024
Last updated
Dec 26, 2024
In the Linux kernel, the following vulnerability has been resolved:
watchdog: Fix possible use-after-free by calling del_timer_sync()
This driver's remove path calls del_timer(). However, that function
does not wait until the timer handler finishes. This means that the
timer handler may still be running after the driver's remove function
has finished, which would result in a use-after-free.
Fix by calling del_timer_sync(), which makes sure the timer handler
has finished, and unable to re-schedule itself.
References