CVE-2024-43102

10.0 CRITICAL

📋 TL;DR

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where concurrent destruction of anonymous shared memory mappings can cause premature freeing of kernel objects. This allows local attackers to crash the kernel or potentially execute arbitrary code, including escaping Capsicum sandboxes. Only FreeBSD systems are affected.

💻 Affected Systems

Products:
  • FreeBSD
Versions: All versions before the patched releases
Operating Systems: FreeBSD
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with local user access. The vulnerability is in kernel code and doesn't require special configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to denial of service, or arbitrary code execution with kernel privileges enabling full system compromise and Capsicum sandbox escape.

🟠 Likely Case: Kernel panic causing system crash and denial of service, requiring reboot.

🟢 If Mitigated: Limited impact if proper access controls prevent local users from executing malicious code.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to exploit.
🏢 Internal Only: HIGH - Malicious local users or compromised accounts can exploit this to gain root privileges or crash systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of kernel internals. The advisory mentions potential for code execution but doesn't confirm weaponized exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FreeBSD 13.3-RELEASE-p5, 14.1-RELEASE-p1, and 14-STABLE after r327828

Vendor Advisory: https://security.freebsd.org/advisories/FreeBSD-SA-24:14.umtx.asc

Restart Required: Yes

Instructions:

1. Update FreeBSD using 'freebsd-update fetch' and 'freebsd-update install' for RELEASE versions.
2. For STABLE versions, update source and rebuild kernel.
3. Reboot system after patching.

🔧 Temporary Workarounds

No known workarounds

This is a kernel-level vulnerability with no configuration-based workarounds documented.

🧯 If You Can't Patch

  • Restrict local user access to essential personnel only
  • Implement strict monitoring of kernel panic events and suspicious local process behavior

🔍 How to Verify

Check if Vulnerable:

Check the FreeBSD version with 'uname -a'. If the version is before 13.3-RELEASE-p5, 14.1-RELEASE-p1, or 14-STABLE r327828, the system is vulnerable.

Check Version:

uname -a

Verify Fix Applied:

After patching and rebooting, verify that 'uname -a' shows a patched version. Check that 'freebsd-update fetch' reports no available updates.
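
An added example, not taken from the FreeBSD advisory or from this page's source: a POSIX shell check that classifies a version string against the RELEASE patch levels listed above and, on a FreeBSD host, compares the installed kernel (`freebsd-version -k`) with the running one (`uname -r`), because the fix only takes effect after the reboot. The `FIXED_LEVELS` table and the `check_version` name are assumptions of this example; the thresholds are the ones this page states, and STABLE or unlisted branches are reported as `unknown` rather than guessed.

```shell
#!/bin/sh
# Added example. Thresholds below are the RELEASE patch levels stated on this
# page, kept in one place so they can be aligned with the vendor advisory.
# Format: "<branch>:<minimum fixed patch level>"
FIXED_LEVELS="13.3:5 14.1:1"

# check_version VERSION  ->  prints: patched | vulnerable | unknown
check_version() {
    ver=$1
    case $ver in
        *-RELEASE*) ;;
        # STABLE/CURRENT strings carry no patch level, so they cannot be judged here.
        *) echo unknown; return 0 ;;
    esac
    branch=${ver%%-*}                       # "13.3-RELEASE-p4" -> "13.3"
    case $ver in
        *-RELEASE-p[0-9]*) plevel=${ver##*-p} ;;   # "13.3-RELEASE-p4" -> "4"
        *) plevel=0 ;;                             # plain "-RELEASE" is patch level 0
    esac
    case $plevel in
        ''|*[!0-9]*) echo unknown; return 0 ;;     # unexpected suffix
    esac
    for entry in $FIXED_LEVELS; do
        if [ "${entry%%:*}" = "$branch" ]; then
            # Numeric comparison, so p10 is correctly newer than p5.
            if [ "$plevel" -ge "${entry##*:}" ]; then echo patched; else echo vulnerable; fi
            return 0
        fi
    done
    echo unknown                            # branch not listed on this page
}

# On a FreeBSD host: a patched kernel on disk protects nothing until it is booted.
if command -v freebsd-version >/dev/null 2>&1; then
    installed=$(freebsd-version -k)
    running=$(uname -r)
    echo "installed kernel: $installed ($(check_version "$installed"))"
    echo "running kernel:   $running ($(check_version "$running"))"
    [ "$installed" = "$running" ] || echo "reboot pending: running kernel differs from installed kernel"
fi
```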

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages
  • Unexpected system reboots
  • Processes attempting unusual umtx operations

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "umtx" OR "UMA")
