7.8

CVE-2024-40956

dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list

Use list_for_each_entry_safe() to allow iterating through the list and
deleting the entry in the iteration process. The descriptor is freed via
idxd_desc_complete() and there's a slight chance may cause issue for
the list iterator when the descriptor is reused by another thread
without it being deleted from the list.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.11 < 5.15.162
LinuxLinux Kernel Version >= 5.16 < 6.1.96
LinuxLinux Kernel Version >= 6.2 < 6.6.36
LinuxLinux Kernel Version >= 6.7 < 6.9.7
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
LinuxLinux Kernel Version6.10 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.181
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33
Patch
https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5
Patch
https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd
Patch
https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7
Patch
https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html