CVE-2024-39493 (GCVE-0-2024-39493)

Vulnerability from cvelistv5 – Published: 2024-07-10 07:18 – Updated: 2025-05-04 12:57
VLAI?
Title
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
Summary
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called wait_for_completion, resulting in another potential UAF. Fix this by making the caller use cancel_work_sync and then freeing the memory safely.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: daba62d9eeddcc5b1081be7d348ca836c83c59d7 , < 0ce5964b82f212f4df6a9813f09a0b5de15bd9c8 (git)
Affected: 8e81cd58aee14a470891733181a47d123193ba81 , < 6396b33e98c096bff9c253ed49c008247963492a (git)
Affected: d03092550f526a79cf1ade7f0dfa74906f39eb71 , < a718b6d2a329e069b27d9049a71be5931e71d960 (git)
Affected: 4ae5a97781ce7d6ecc9c7055396535815b64ca4f , < 3fb4601e0db10d4fe25e46f3fa308d40d37366bd (git)
Affected: 226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7 , < e7428e7e3fe94a5089dc12ffe5bc31574d2315ad (git)
Affected: 8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc , < c2d443aa1ae3175c13a665f3a24b8acd759ce9c3 (git)
Affected: 7d42e097607c4d246d99225bf2b195b6167a210c , < d0fd124972724cce0d48b9865ce3e273ef69e246 (git)
Affected: 7d42e097607c4d246d99225bf2b195b6167a210c , < d3b17c6d9dddc2db3670bc9be628b122416a3d26 (git)
Affected: 0c2cf5142bfb634c0ef0a1a69cdf37950747d0be (git)
Affected: bb279ead42263e9fb09480f02a4247b2c287d828 (git)
Create a notification for this product.
    Linux Linux Affected: 6.9
Unaffected: 0 , < 6.9 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.94 , ≤ 6.1.* (semver)
Unaffected: 6.6.34 , ≤ 6.6.* (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39493",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T13:38:46.024569Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T13:39:00.365Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:16.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/intel/qat/qat_common/adf_aer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0ce5964b82f212f4df6a9813f09a0b5de15bd9c8",
              "status": "affected",
              "version": "daba62d9eeddcc5b1081be7d348ca836c83c59d7",
              "versionType": "git"
            },
            {
              "lessThan": "6396b33e98c096bff9c253ed49c008247963492a",
              "status": "affected",
              "version": "8e81cd58aee14a470891733181a47d123193ba81",
              "versionType": "git"
            },
            {
              "lessThan": "a718b6d2a329e069b27d9049a71be5931e71d960",
              "status": "affected",
              "version": "d03092550f526a79cf1ade7f0dfa74906f39eb71",
              "versionType": "git"
            },
            {
              "lessThan": "3fb4601e0db10d4fe25e46f3fa308d40d37366bd",
              "status": "affected",
              "version": "4ae5a97781ce7d6ecc9c7055396535815b64ca4f",
              "versionType": "git"
            },
            {
              "lessThan": "e7428e7e3fe94a5089dc12ffe5bc31574d2315ad",
              "status": "affected",
              "version": "226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7",
              "versionType": "git"
            },
            {
              "lessThan": "c2d443aa1ae3175c13a665f3a24b8acd759ce9c3",
              "status": "affected",
              "version": "8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc",
              "versionType": "git"
            },
            {
              "lessThan": "d0fd124972724cce0d48b9865ce3e273ef69e246",
              "status": "affected",
              "version": "7d42e097607c4d246d99225bf2b195b6167a210c",
              "versionType": "git"
            },
            {
              "lessThan": "d3b17c6d9dddc2db3670bc9be628b122416a3d26",
              "status": "affected",
              "version": "7d42e097607c4d246d99225bf2b195b6167a210c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "0c2cf5142bfb634c0ef0a1a69cdf37950747d0be",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "bb279ead42263e9fb09480f02a4247b2c287d828",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/intel/qat/qat_common/adf_aer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "4.19.312",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "5.4.274",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "5.10.215",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.15.154",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.94",
                  "versionStartIncluding": "6.1.84",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "6.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call.  Furthermore it\u0027s still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:04.627Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a"
        },
        {
          "url": "https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960"
        },
        {
          "url": "https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26"
        }
      ],
      "title": "crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39493",
    "datePublished": "2024-07-10T07:18:39.443Z",
    "dateReserved": "2024-06-25T14:23:23.748Z",
    "dateUpdated": "2025-05-04T12:57:04.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.19.312\", \"versionEndExcluding\": \"4.19.316\", \"matchCriteriaId\": \"7D26B120-31EC-4900-BA59-4C7E3305CA07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.4.274\", \"versionEndExcluding\": \"5.4.278\", \"matchCriteriaId\": \"EBA12E3E-3226-4BFE-80FA-CD00384BB4A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.10.215\", \"versionEndExcluding\": \"5.10.219\", \"matchCriteriaId\": \"EFD9B2DB-0408-4028-A90E-3F67DBA2BE2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.15.154\", \"versionEndExcluding\": \"5.15.161\", \"matchCriteriaId\": \"3873B618-2078-4018-8EE8-F39FEC6600A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.1.84\", \"versionEndExcluding\": \"6.1.94\", \"matchCriteriaId\": \"03CF3F67-B04C-40E6-93AB-3D7671078945\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.6.24\", \"versionEndExcluding\": \"6.6.34\", \"matchCriteriaId\": \"EDE3D0DB-AC9D-469B-B743-26B80E88500B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.9\", \"versionEndExcluding\": \"6.9.5\", \"matchCriteriaId\": \"54EDFD02-25E6-4BC8-9AD0-0A59881F400A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\\n\\nUsing completion_done to determine whether the caller has gone\\naway only works after a complete call.  Furthermore it\u0027s still\\npossible that the caller has not yet called wait_for_completion,\\nresulting in another potential UAF.\\n\\nFix this by making the caller use cancel_work_sync and then freeing\\nthe memory safely.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se resolvi\\u00f3 la siguiente vulnerabilidad: crypto: qat: corrige la p\\u00e9rdida de memoria ADF_DEV_RESET_SYNC. El uso de complete_done para determinar si la persona que llama se ha ido solo funciona despu\\u00e9s de una llamada completa. Adem\\u00e1s, a\\u00fan es posible que la persona que llama a\\u00fan no haya llamado a wait_for_completion, lo que genera otra posible UAF. Solucione este problema haciendo que la persona que llama use cancel_work_sync y luego liberando la memoria de forma segura.\"}]",
      "id": "CVE-2024-39493",
      "lastModified": "2024-11-21T09:27:48.673",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-07-10T08:15:11.427",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-401\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-39493\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-10T08:15:11.427\",\"lastModified\":\"2024-11-21T09:27:48.673\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\\n\\nUsing completion_done to determine whether the caller has gone\\naway only works after a complete call.  Furthermore it\u0027s still\\npossible that the caller has not yet called wait_for_completion,\\nresulting in another potential UAF.\\n\\nFix this by making the caller use cancel_work_sync and then freeing\\nthe memory safely.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: qat: corrige la p\u00e9rdida de memoria ADF_DEV_RESET_SYNC. El uso de complete_done para determinar si la persona que llama se ha ido solo funciona despu\u00e9s de una llamada completa. Adem\u00e1s, a\u00fan es posible que la persona que llama a\u00fan no haya llamado a wait_for_completion, lo que genera otra posible UAF. Solucione este problema haciendo que la persona que llama use cancel_work_sync y luego liberando la memoria de forma segura.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.312\",\"versionEndExcluding\":\"4.19.316\",\"matchCriteriaId\":\"7D26B120-31EC-4900-BA59-4C7E3305CA07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.274\",\"versionEndExcluding\":\"5.4.278\",\"matchCriteriaId\":\"EBA12E3E-3226-4BFE-80FA-CD00384BB4A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.215\",\"versionEndExcluding\":\"5.10.219\",\"matchCriteriaId\":\"EFD9B2DB-0408-4028-A90E-3F67DBA2BE2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.154\",\"versionEndExcluding\":\"5.15.161\",\"matchCriteriaId\":\"3873B618-2078-4018-8EE8-F39FEC6600A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.84\",\"versionEndExcluding\":\"6.1.94\",\"matchCriteriaId\":\"03CF3F67-B04C-40E6-93AB-3D7671078945\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6.24\",\"versionEndExcluding\":\"6.6.34\",\"matchCriteriaId\":\"EDE3D0DB-AC9D-469B-B743-26B80E88500B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.9.5\",\"matchCriteriaId\":\"54EDFD02-25E6-4BC8-9AD0-0A59881F400A\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:26:16.000Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39493\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-10T13:38:46.024569Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-10T13:38:52.663Z\"}}], \"cna\": {\"title\": \"crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"daba62d9eedd\", \"lessThan\": \"0ce5964b82f2\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"8e81cd58aee1\", \"lessThan\": \"6396b33e98c0\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d03092550f52\", \"lessThan\": \"a718b6d2a329\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"4ae5a97781ce\", \"lessThan\": \"3fb4601e0db1\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"226fc408c5fc\", \"lessThan\": \"e7428e7e3fe9\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"8a5a7611ccc7\", \"lessThan\": \"c2d443aa1ae3\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7d42e097607c\", \"lessThan\": \"d0fd12497272\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7d42e097607c\", \"lessThan\": \"d3b17c6d9ddd\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/crypto/intel/qat/qat_common/adf_aer.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.9\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.9\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"4.19.316\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.278\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.219\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.161\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.94\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.34\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9.5\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.9.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/crypto/intel/qat/qat_common/adf_aer.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8\"}, {\"url\": \"https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a\"}, {\"url\": \"https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960\"}, {\"url\": \"https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd\"}, {\"url\": \"https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad\"}, {\"url\": \"https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3\"}, {\"url\": \"https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246\"}, {\"url\": \"https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26\"}], \"x_generator\": {\"engine\": \"bippy-c9c4e1df01b2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\\n\\nUsing completion_done to determine whether the caller has gone\\naway only works after a complete call.  Furthermore it\u0027s still\\npossible that the caller has not yet called wait_for_completion,\\nresulting in another potential UAF.\\n\\nFix this by making the caller use cancel_work_sync and then freeing\\nthe memory safely.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-07-15T06:50:31.925Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-39493\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T04:26:16.000Z\", \"dateReserved\": \"2024-06-25T14:23:23.748Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-07-10T07:18:39.443Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}