Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-49981

Опубликовано: 21 окт. 2024
Источник: nvd
CVSS3: 7
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

media: venus: fix use after free bug in venus_remove due to race condition

in venus_probe, core->work is bound with venus_sys_error_handler, which is used to handle error. The code use core->sys_err_done to make sync work. The core->work is started in venus_event_notify.

If we call venus_remove, there might be an unfished work. The possible sequence is as follows:

CPU0 CPU1

|venus_sys_error_handler

venus_remove | hfi_destroy | venus_hfi_destroy | kfree(hdev); | |hfi_reinit |venus_hfi_queues_reinit |//use hdev

Fix it by canceling the work in venus_remove.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.13 (включая) до 5.10.227 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.11 (включая) до 5.15.168 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.16 (включая) до 6.1.113 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.6.55 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.7 (включая) до 6.10.14 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.11 (включая) до 6.11.3 (исключая)

EPSS

Процентиль: 6%
0.00028
Низкий

7 High

CVSS3

Дефекты

CWE-362

Связанные уязвимости

ubuntu логотип

CVE-2024-49981

CVSS3: 7
ubuntu
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venus_remove due to race condition in venus_probe, core->work is bound with venus_sys_error_handler, which is used to handle error. The code use core->sys_err_done to make sync work. The core->work is started in venus_event_notify. If we call venus_remove, there might be an unfished work. The possible sequence is as follows: CPU0 CPU1 |venus_sys_error_handler venus_remove | hfi_destroy | venus_hfi_destroy | kfree(hdev); | |hfi_reinit |venus_hfi_queues_reinit |//use hdev Fix it by canceling the work in venus_remove.

redhat логотип

CVE-2024-49981

CVSS3: 7
redhat
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venus_remove due to race condition in venus_probe, core->work is bound with venus_sys_error_handler, which is used to handle error. The code use core->sys_err_done to make sync work. The core->work is started in venus_event_notify. If we call venus_remove, there might be an unfished work. The possible sequence is as follows: CPU0 CPU1 |venus_sys_error_handler venus_remove | hfi_destroy | venus_hfi_destroy | kfree(hdev); | |hfi_reinit |venus_hfi_queues_reinit |//use hdev Fix it by canceling the work in venus_remove.

msrc логотип

CVE-2024-49981

CVSS3: 7
msrc
7 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-49981

CVSS3: 7
debian
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: m ...

github логотип

GHSA-5frw-42jx-47v6

CVSS3: 7
github
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venus_remove due to race condition in venus_probe, core->work is bound with venus_sys_error_handler, which is used to handle error. The code use core->sys_err_done to make sync work. The core->work is started in venus_event_notify. If we call venus_remove, there might be an unfished work. The possible sequence is as follows: CPU0 CPU1 |venus_sys_error_handler venus_remove | hfi_destroy | venus_hfi_destroy | kfree(hdev); | |hfi_reinit |venus_hfi_queues_reinit |//use hdev Fix it by canceling the work in venus_remove.

EPSS

Процентиль: 6%
0.00028
Низкий

7 High

CVSS3

Дефекты

CWE-362