// For flags

CVE-2024-39493

crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak

Using completion_done to determine whether the caller has gone
away only works after a complete call. Furthermore it's still
possible that the caller has not yet called wait_for_completion,
resulting in another potential UAF.

Fix this by making the caller use cancel_work_sync and then freeing
the memory safely.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: qat: corrige la pérdida de memoria ADF_DEV_RESET_SYNC. El uso de complete_done para determinar si la persona que llama se ha ido solo funciona después de una llamada completa. Además, aún es posible que la persona que llama aún no haya llamado a wait_for_completion, lo que genera otra posible UAF. Solucione este problema haciendo que la persona que llama use cancel_work_sync y luego liberando la memoria de forma segura.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-06-25 CVE Reserved
  • 2024-07-10 CVE Published
  • 2024-08-01 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (17)
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.19.312 < 4.19.316
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.312 < 4.19.316"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.4.274 < 5.4.278
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.274 < 5.4.278"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.10.215 < 5.10.219
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.215 < 5.10.219"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.15.154 < 5.15.161
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.154 < 5.15.161"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.1.84 < 6.1.94
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.84 < 6.1.94"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.6.24 < 6.6.34
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.24 < 6.6.34"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.9 < 6.9.5
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.9.5"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.9 < 6.10
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.10"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
6.7.12
Search vendor "Linux" for product "Linux Kernel" and version "6.7.12"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
6.8.3
Search vendor "Linux" for product "Linux Kernel" and version "6.8.3"
en
Affected