CVE-2024-43102

high-risk

Published 2024-09-05

Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape.

Do I need to act?

1.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 10.0/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Freebsd

Affected Vendors

Freebsd

References (2)

Vendor Advisory https://security.freebsd.org/advisories/FreeBSD-SA-24:14.umtx.asc

https://security.netapp.com/advisory/ntap-20240916-0001/

/ 100

high-risk

Severity 33/34 · Critical

Exploitability 3/34 · Minimal

Exposure 21/34 · High