cve-2024-39493
Vulnerability from cvelistv5
Published
2024-07-10 07:18
Modified
2024-12-19 09:07
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
Using completion_done to determine whether the caller has gone
away only works after a complete call. Furthermore it's still
possible that the caller has not yet called wait_for_completion,
resulting in another potential UAF.
Fix this by making the caller use cancel_work_sync and then freeing
the memory safely.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: daba62d9eeddcc5b1081be7d348ca836c83c59d7 Version: 8e81cd58aee14a470891733181a47d123193ba81 Version: d03092550f526a79cf1ade7f0dfa74906f39eb71 Version: 4ae5a97781ce7d6ecc9c7055396535815b64ca4f Version: 226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7 Version: 8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc Version: 7d42e097607c4d246d99225bf2b195b6167a210c Version: 7d42e097607c4d246d99225bf2b195b6167a210c |
||||
|
|||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39493",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T13:38:46.024569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T13:39:00.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/intel/qat/qat_common/adf_aer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0ce5964b82f212f4df6a9813f09a0b5de15bd9c8",
"status": "affected",
"version": "daba62d9eeddcc5b1081be7d348ca836c83c59d7",
"versionType": "git"
},
{
"lessThan": "6396b33e98c096bff9c253ed49c008247963492a",
"status": "affected",
"version": "8e81cd58aee14a470891733181a47d123193ba81",
"versionType": "git"
},
{
"lessThan": "a718b6d2a329e069b27d9049a71be5931e71d960",
"status": "affected",
"version": "d03092550f526a79cf1ade7f0dfa74906f39eb71",
"versionType": "git"
},
{
"lessThan": "3fb4601e0db10d4fe25e46f3fa308d40d37366bd",
"status": "affected",
"version": "4ae5a97781ce7d6ecc9c7055396535815b64ca4f",
"versionType": "git"
},
{
"lessThan": "e7428e7e3fe94a5089dc12ffe5bc31574d2315ad",
"status": "affected",
"version": "226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7",
"versionType": "git"
},
{
"lessThan": "c2d443aa1ae3175c13a665f3a24b8acd759ce9c3",
"status": "affected",
"version": "8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc",
"versionType": "git"
},
{
"lessThan": "d0fd124972724cce0d48b9865ce3e273ef69e246",
"status": "affected",
"version": "7d42e097607c4d246d99225bf2b195b6167a210c",
"versionType": "git"
},
{
"lessThan": "d3b17c6d9dddc2db3670bc9be628b122416a3d26",
"status": "affected",
"version": "7d42e097607c4d246d99225bf2b195b6167a210c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/intel/qat/qat_common/adf_aer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call. Furthermore it\u0027s still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:07:15.394Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8"
},
{
"url": "https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a"
},
{
"url": "https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960"
},
{
"url": "https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd"
},
{
"url": "https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad"
},
{
"url": "https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3"
},
{
"url": "https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246"
},
{
"url": "https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26"
}
],
"title": "crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39493",
"datePublished": "2024-07-10T07:18:39.443Z",
"dateReserved": "2024-06-25T14:23:23.748Z",
"dateUpdated": "2024-12-19T09:07:15.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39493\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-10T08:15:11.427\",\"lastModified\":\"2024-11-21T09:27:48.673\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\\n\\nUsing completion_done to determine whether the caller has gone\\naway only works after a complete call. Furthermore it\u0027s still\\npossible that the caller has not yet called wait_for_completion,\\nresulting in another potential UAF.\\n\\nFix this by making the caller use cancel_work_sync and then freeing\\nthe memory safely.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: qat: corrige la p\u00e9rdida de memoria ADF_DEV_RESET_SYNC. El uso de complete_done para determinar si la persona que llama se ha ido solo funciona despu\u00e9s de una llamada completa. Adem\u00e1s, a\u00fan es posible que la persona que llama a\u00fan no haya llamado a wait_for_completion, lo que genera otra posible UAF. Solucione este problema haciendo que la persona que llama use cancel_work_sync y luego liberando la memoria de forma segura.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.312\",\"versionEndExcluding\":\"4.19.316\",\"matchCriteriaId\":\"7D26B120-31EC-4900-BA59-4C7E3305CA07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.274\",\"versionEndExcluding\":\"5.4.278\",\"matchCriteriaId\":\"EBA12E3E-3226-4BFE-80FA-CD00384BB4A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.215\",\"versionEndExcluding\":\"5.10.219\",\"matchCriteriaId\":\"EFD9B2DB-0408-4028-A90E-3F67DBA2BE2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.154\",\"versionEndExcluding\":\"5.15.161\",\"matchCriteriaId\":\"3873B618-2078-4018-8EE8-F39FEC6600A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.84\",\"versionEndExcluding\":\"6.1.94\",\"matchCriteriaId\":\"03CF3F67-B04C-40E6-93AB-3D7671078945\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6.24\",\"versionEndExcluding\":\"6.6.34\",\"matchCriteriaId\":\"EDE3D0DB-AC9D-469B-B743-26B80E88500B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.9.5\",\"matchCriteriaId\":\"54EDFD02-25E6-4BC8-9AD0-0A59881F400A\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.