5.5
CVE-2024-47666
- EPSS 0.21%
- Veröffentlicht 09.10.2024 15:15:15
- Zuletzt bearbeitet 06.12.2025 22:15:49
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
scsi: pm80xx: Set phy->enable_completion only when we wait for it
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 6.6.51
Linux ≫ Linux Kernel Version >= 6.7 < 6.10.10
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.108 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89
https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea
https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84
https://git.kernel.org/stable/c/a5d954802bda1aabcba49633cd94bad91c94113f
https://git.kernel.org/stable/c/ddc501f4130f4baa787cb6cfa309af697179f475
https://git.kernel.org/stable/c/e23ee0cc5bded07e700553aecc333bb20c768546