FreeBSD Vulnerability Security Update Advisory (CVE-2024-43102)

Sep 11 2024

Overview

An update has been released to address vulnerabilities in FreeBSD. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-43102

FreeBSD 14.1-STABLE previous version
FreeBSD 14.1-RELEASE-p4 previous version
FreeBSD 14.0-RELEASE-p10 previous version
FreeBSD 13.4-STABLE previous version
FreeBSD 13.4-RC2-p1 previous version
FreeBSD 13.3-RELEASE-p6 previous version

Resolved Vulnerabilities

Parallel execution of a UMTX_SHM_DESTROY subrequest could cause the reference count of a mapping object to be excessively decremented, resulting in the object being freed prematurely, which could lead to a kernel panic or Use-After-Free attack (CVE-2024-43102)

Vulnerability Patches

The following product-specific Vulnerability Patches were made available in the September 4, 2024 update.
For more information on Vulnerability Patches, please refer to the “V. Solution” section of the product-specific Referenced Sites documentation.

CVE-2024-43102

FreeBSD 14.1-STABLE version
FreeBSD 14.1-RELEASE-p4 version
FreeBSD 14.0-RELEASE-p10 version
FreeBSD 13.4-STABLE version
FreeBSD 13.4-RC2-p1 version
FreeBSD 13.3-RELEASE-p6 version

References

[1] CVE-2024-43102 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-43102

[2] umtx Kernel panic or Use-After-Free

https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc

FreeBSD Vulnerability Security Update Advisory (CVE-2024-43102)

Siemens Product Security Update Advisory

MS Family September 2024 Routine Security Update Advisory

Tags:

Siemens Product Security Update Advisory

MS Family September 2024 Routine Security Update Advisory