Vulnerability-Lookup

CERTFR-2024-AVI-1033

Vulnerability from certfr_avis - Published: 2024-11-29 - Updated: 2024-11-29

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	N/A	SUSE Linux Enterprise Micro for Rancher 5.3
SUSE	N/A	SUSE Linux Enterprise Micro 5.3
SUSE	N/A	SUSE Linux Enterprise Micro for Rancher 5.2
SUSE	N/A	SUSE Linux Enterprise Micro for Rancher 5.4
SUSE	N/A	SUSE Linux Enterprise Micro 5.2
SUSE	N/A	SUSE Linux Enterprise Micro 5.1
SUSE	N/A	SUSE Linux Enterprise Micro 5.4

References

Title

Publication Time

CVE-2024-47747 (GCVE-0-2024-47747)

Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-12 11:58

Title

net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition

Summary

In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to &prev(dev)->timer. Once the timer is started, there is a risk of a race condition if the module or device is removed, triggering the ether3_remove function to perform cleanup. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | ether3_ledoff ether3_remove | free_netdev(dev); | put_devic | kfree(dev); | | ether3_outw(priv(dev)->regs.config2 |= CFG2_CTRLO, REG_CONFIG2); | // use dev Fix it by ensuring that the timer is canceled before proceeding with the cleanup in ether3_remove.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

12 references

URL	Tags
https://git.kernel.org/stable/c/25d559ed2beec9b34…
https://git.kernel.org/stable/c/b5a84b6c772564c83…
https://git.kernel.org/stable/c/338a0582b28e69460…
https://git.kernel.org/stable/c/822c7bb1f6f8b0331…
https://git.kernel.org/stable/c/1c57d61a43293252a…
https://git.kernel.org/stable/c/d2abc379071881798…
https://git.kernel.org/stable/c/516dbc6d166374308…
https://git.kernel.org/stable/c/77a77331cef0a219b…
https://git.kernel.org/stable/c/b5109b60ee4fcb2f2…
https://lists.debian.org/debian-lts-announce/2025…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

6 products

Vendor	Product	Version
Linux	Linux	Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 25d559ed2beec9b34045886100dac46d1ad92eba (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9 (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 338a0582b28e69460df03af50e938b86b4206353 (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 822c7bb1f6f8b0331e8d1927151faf8db3b33afd (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 1c57d61a43293252ad732007c7070fdb112545fd (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < d2abc379071881798d20e2ac1d332ad855ae22f3 (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 516dbc6d16637430808c39568cbb6b841d32b55b (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < 77a77331cef0a219b8dd91361435eeef04cb741c (git) Affected: 6fd9c53f71862a4797b7ed8a5de80e2c64829f56 , < b5109b60ee4fcb2f2bb24f589575e10cc5283ad4 (git)
Linux	Linux	Affected: 4.15 Unaffected: 0 , < 4.15 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix)
Siemens	RUGGEDCOM RST2428P	Affected: 0 , < V3.2 (custom)
Siemens	SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family	Affected: 0 , < V3.2 (custom)
Siemens	SCALANCE XCM-/XRM-/XCH-/XRH-300 family	Affected: 0 , < V3.2 (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47747",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T12:58:25.330423Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:04:13.623Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:21:41.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T11:58:50.849Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/seeq/ether3.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "25d559ed2beec9b34045886100dac46d1ad92eba",
              "status": "affected",
              "version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
              "versionType": "git"
            },
            {
              "lessThan": "b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9",
              "status": "affected",
              "version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
              "versionType": "git"
            },
            {
              "lessThan": "338a0582b28e69460df03af50e938b86b4206353",
              "status": "affected",
              "version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
              "versionType": "git"
            },
            {
              "lessThan": "822c7bb1f6f8b0331e8d1927151faf8db3b33afd",
              "status": "affected",
              "version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
              "versionType": "git"
            },
            {
              "lessThan": "1c57d61a43293252ad732007c7070fdb112545fd",
              "status": "affected",
              "version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
              "versionType": "git"
            },
            {
              "lessThan": "d2abc379071881798d20e2ac1d332ad855ae22f3",
              "status": "affected",
              "version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
              "versionType": "git"
            },
            {
              "lessThan": "516dbc6d16637430808c39568cbb6b841d32b55b",
              "status": "affected",
              "version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
              "versionType": "git"
            },
            {
              "lessThan": "77a77331cef0a219b8dd91361435eeef04cb741c",
              "status": "affected",
              "version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
              "versionType": "git"
            },
            {
              "lessThan": "b5109b60ee4fcb2f2bb24f589575e10cc5283ad4",
              "status": "affected",
              "version": "6fd9c53f71862a4797b7ed8a5de80e2c64829f56",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/seeq/ether3.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition\n\nIn the ether3_probe function, a timer is initialized with a callback\nfunction ether3_ledoff, bound to \u0026prev(dev)-\u003etimer. Once the timer is\nstarted, there is a risk of a race condition if the module or device\nis removed, triggering the ether3_remove function to perform cleanup.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0                                    CPU1\n\n                      |  ether3_ledoff\nether3_remove         |\n  free_netdev(dev);   |\n  put_devic           |\n  kfree(dev);         |\n |  ether3_outw(priv(dev)-\u003eregs.config2 |= CFG2_CTRLO, REG_CONFIG2);\n                      | // use dev\n\nFix it by ensuring that the timer is canceled before proceeding with\nthe cleanup in ether3_remove."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:39:58.607Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/25d559ed2beec9b34045886100dac46d1ad92eba"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9"
        },
        {
          "url": "https://git.kernel.org/stable/c/338a0582b28e69460df03af50e938b86b4206353"
        },
        {
          "url": "https://git.kernel.org/stable/c/822c7bb1f6f8b0331e8d1927151faf8db3b33afd"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c57d61a43293252ad732007c7070fdb112545fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2abc379071881798d20e2ac1d332ad855ae22f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/516dbc6d16637430808c39568cbb6b841d32b55b"
        },
        {
          "url": "https://git.kernel.org/stable/c/77a77331cef0a219b8dd91361435eeef04cb741c"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5109b60ee4fcb2f2bb24f589575e10cc5283ad4"
        }
      ],
      "title": "net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47747",
    "datePublished": "2024-10-21T12:14:13.783Z",
    "dateReserved": "2024-09-30T16:00:12.960Z",
    "dateUpdated": "2026-05-12T11:58:50.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47748 (GCVE-0-2024-47748)

Vulnerability from cvelistv5 – Published: 2024-10-21 12:14 – Updated: 2026-05-11 20:39

Title

vhost_vdpa: assign irq bypass producer token correctly

Summary

In the Linux kernel, the following vulnerability has been resolved: vhost_vdpa: assign irq bypass producer token correctly We used to call irq_bypass_unregister_producer() in vhost_vdpa_setup_vq_irq() which is problematic as we don't know if the token pointer is still valid or not. Actually, we use the eventfd_ctx as the token so the life cycle of the token should be bound to the VHOST_SET_VRING_CALL instead of vhost_vdpa_setup_vq_irq() which could be called by set_status(). Fixing this by setting up irq bypass producer's token when handling VHOST_SET_VRING_CALL and un-registering the producer before calling vhost_vring_ioctl() to prevent a possible use after free as eventfd could have been released in vhost_vring_ioctl(). And such registering and unregistering will only be done if DRIVER_OK is set.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

9 references

URL	Tags
https://git.kernel.org/stable/c/0c170b1e918b9afac…
https://git.kernel.org/stable/c/927a2580208e0f9b0…
https://git.kernel.org/stable/c/ec5f1b54ceb234750…
https://git.kernel.org/stable/c/ca64edd7ae93402af…
https://git.kernel.org/stable/c/fae9b1776f53aab93…
https://git.kernel.org/stable/c/7cf2fb51175cafe01…
https://git.kernel.org/stable/c/02e9e9366fefe4617…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0 (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 927a2580208e0f9b0b47b08f1c802b7233a7ba3c (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < ec5f1b54ceb23475049ada6e7a43452cf4df88d1 (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < ca64edd7ae93402af2596a952e0d94d545e2b9c0 (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < fae9b1776f53aab93ab345bdbf653b991aed717d (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 7cf2fb51175cafe01df8c43fa15a06194a59c6e2 (git) Affected: 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 , < 02e9e9366fefe461719da5d173385b6685f70319 (git)
Linux	Linux	Affected: 5.9 Unaffected: 0 , < 5.9 (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47748",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T12:58:17.248658Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:04:13.447Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:21:42.762Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/vhost/vdpa.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0",
              "status": "affected",
              "version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
              "versionType": "git"
            },
            {
              "lessThan": "927a2580208e0f9b0b47b08f1c802b7233a7ba3c",
              "status": "affected",
              "version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
              "versionType": "git"
            },
            {
              "lessThan": "ec5f1b54ceb23475049ada6e7a43452cf4df88d1",
              "status": "affected",
              "version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
              "versionType": "git"
            },
            {
              "lessThan": "ca64edd7ae93402af2596a952e0d94d545e2b9c0",
              "status": "affected",
              "version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
              "versionType": "git"
            },
            {
              "lessThan": "fae9b1776f53aab93ab345bdbf653b991aed717d",
              "status": "affected",
              "version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
              "versionType": "git"
            },
            {
              "lessThan": "7cf2fb51175cafe01df8c43fa15a06194a59c6e2",
              "status": "affected",
              "version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
              "versionType": "git"
            },
            {
              "lessThan": "02e9e9366fefe461719da5d173385b6685f70319",
              "status": "affected",
              "version": "2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/vhost/vdpa.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_vdpa: assign irq bypass producer token correctly\n\nWe used to call irq_bypass_unregister_producer() in\nvhost_vdpa_setup_vq_irq() which is problematic as we don\u0027t know if the\ntoken pointer is still valid or not.\n\nActually, we use the eventfd_ctx as the token so the life cycle of the\ntoken should be bound to the VHOST_SET_VRING_CALL instead of\nvhost_vdpa_setup_vq_irq() which could be called by set_status().\n\nFixing this by setting up irq bypass producer\u0027s token when handling\nVHOST_SET_VRING_CALL and un-registering the producer before calling\nvhost_vring_ioctl() to prevent a possible use after free as eventfd\ncould have been released in vhost_vring_ioctl(). And such registering\nand unregistering will only be done if DRIVER_OK is set."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:39:59.727Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/927a2580208e0f9b0b47b08f1c802b7233a7ba3c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec5f1b54ceb23475049ada6e7a43452cf4df88d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca64edd7ae93402af2596a952e0d94d545e2b9c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/fae9b1776f53aab93ab345bdbf653b991aed717d"
        },
        {
          "url": "https://git.kernel.org/stable/c/7cf2fb51175cafe01df8c43fa15a06194a59c6e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/02e9e9366fefe461719da5d173385b6685f70319"
        }
      ],
      "title": "vhost_vdpa: assign irq bypass producer token correctly",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47748",
    "datePublished": "2024-10-21T12:14:14.448Z",
    "dateReserved": "2024-09-30T16:00:12.960Z",
    "dateUpdated": "2026-05-11T20:39:59.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49860 (GCVE-0-2024-49860)

Vulnerability from cvelistv5 – Published: 2024-10-21 12:27 – Updated: 2026-05-11 20:40

Title

ACPI: sysfs: validate return type of _STR method

Summary

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

11 references

URL	Tags
https://git.kernel.org/stable/c/92fd5209fc014405f…
https://git.kernel.org/stable/c/2364b6af90c6b6d8a…
https://git.kernel.org/stable/c/4b081991c4363e072…
https://git.kernel.org/stable/c/0cdfb9178a3bba843…
https://git.kernel.org/stable/c/5c8d007c14aefc3f2…
https://git.kernel.org/stable/c/f0921ecd4ddc14646…
https://git.kernel.org/stable/c/f51e5a88f2e722485…
https://git.kernel.org/stable/c/f51f711d36e61fbb8…
https://git.kernel.org/stable/c/4bb1e7d027413835b…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 92fd5209fc014405f63a7db79802ca4b01dc0c05 (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 2364b6af90c6b6d8a4783e0d3481ca80af699554 (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 4b081991c4363e072e1748efed0bbec8a77daba5 (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 0cdfb9178a3bba843c95c2117c82c15f1a64b9ce (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 5c8d007c14aefc3f2ddf71e4c40713733dc827be (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < f0921ecd4ddc14646bb5511f49db4d7d3b0829f0 (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < f51e5a88f2e7224858b261546cf6b3037dfb1323 (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < f51f711d36e61fbb87c67b524fd200e05172668d (git) Affected: d1efe3c324ead77d3f6cd85093b50f6bd2e17aba , < 4bb1e7d027413835b086aed35bc3f0713bc0f72b (git)
Linux	Linux	Affected: 3.7 Unaffected: 0 , < 3.7 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.54 , ≤ 6.6.* (semver) Unaffected: 6.10.13 , ≤ 6.10.* (semver) Unaffected: 6.11.2 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49860",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T12:55:46.676497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:04:10.485Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:30.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/device_sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "92fd5209fc014405f63a7db79802ca4b01dc0c05",
              "status": "affected",
              "version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
              "versionType": "git"
            },
            {
              "lessThan": "2364b6af90c6b6d8a4783e0d3481ca80af699554",
              "status": "affected",
              "version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
              "versionType": "git"
            },
            {
              "lessThan": "4b081991c4363e072e1748efed0bbec8a77daba5",
              "status": "affected",
              "version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
              "versionType": "git"
            },
            {
              "lessThan": "0cdfb9178a3bba843c95c2117c82c15f1a64b9ce",
              "status": "affected",
              "version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
              "versionType": "git"
            },
            {
              "lessThan": "5c8d007c14aefc3f2ddf71e4c40713733dc827be",
              "status": "affected",
              "version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
              "versionType": "git"
            },
            {
              "lessThan": "f0921ecd4ddc14646bb5511f49db4d7d3b0829f0",
              "status": "affected",
              "version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
              "versionType": "git"
            },
            {
              "lessThan": "f51e5a88f2e7224858b261546cf6b3037dfb1323",
              "status": "affected",
              "version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
              "versionType": "git"
            },
            {
              "lessThan": "f51f711d36e61fbb87c67b524fd200e05172668d",
              "status": "affected",
              "version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
              "versionType": "git"
            },
            {
              "lessThan": "4bb1e7d027413835b086aed35bc3f0713bc0f72b",
              "status": "affected",
              "version": "d1efe3c324ead77d3f6cd85093b50f6bd2e17aba",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/device_sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.54",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.13",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.2",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: sysfs: validate return type of _STR method\n\nOnly buffer objects are valid return values of _STR.\n\nIf something else is returned description_show() will access invalid\nmemory."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:40:37.641Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/92fd5209fc014405f63a7db79802ca4b01dc0c05"
        },
        {
          "url": "https://git.kernel.org/stable/c/2364b6af90c6b6d8a4783e0d3481ca80af699554"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b081991c4363e072e1748efed0bbec8a77daba5"
        },
        {
          "url": "https://git.kernel.org/stable/c/0cdfb9178a3bba843c95c2117c82c15f1a64b9ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c8d007c14aefc3f2ddf71e4c40713733dc827be"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0921ecd4ddc14646bb5511f49db4d7d3b0829f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f51e5a88f2e7224858b261546cf6b3037dfb1323"
        },
        {
          "url": "https://git.kernel.org/stable/c/f51f711d36e61fbb87c67b524fd200e05172668d"
        },
        {
          "url": "https://git.kernel.org/stable/c/4bb1e7d027413835b086aed35bc3f0713bc0f72b"
        }
      ],
      "title": "ACPI: sysfs: validate return type of _STR method",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49860",
    "datePublished": "2024-10-21T12:27:18.640Z",
    "dateReserved": "2024-10-21T12:17:06.017Z",
    "dateUpdated": "2026-05-11T20:40:37.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49867 (GCVE-0-2024-49867)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-05-23 15:53

Title

btrfs: wait for fixup workers before stopping cleaner kthread during umount

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the kthread, it basically halts its execution (wake ups against it work but do nothing); 2) We stop the cleaner kthread - this results in freeing the respective struct task_struct; 3) We call btrfs_stop_all_workers() which waits for any jobs running in all the work queues and then free the work queues. Syzbot reported a case where a fixup worker resulted in a crash when doing a delayed iput on its inode while attempting to wake up the cleaner at btrfs_add_delayed_iput(), because the task_struct of the cleaner kthread was already freed. This can happen during unmount because we don't wait for any fixup workers still running before we call kthread_stop() against the cleaner kthread, which stops and free all its resources. Fix this by waiting for any fixup workers at close_ctree() before we call kthread_stop() against the cleaner and run pending delayed iputs. The stack traces reported by syzbot were the following: BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065 Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: btrfs-fixup btrfs_work_helper Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154 btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842 btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 2: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:247 [inline] slab_post_alloc_hook mm/slub.c:4086 [inline] slab_alloc_node mm/slub.c:4135 [inline] kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187 alloc_task_struct_node kernel/fork.c:180 [inline] dup_task_struct+0x57/0x8c0 kernel/fork.c:1107 copy_process+0x5d1/0x3d50 kernel/fork.c:2206 kernel_clone+0x223/0x880 kernel/fork.c:2787 kernel_thread+0x1bc/0x240 kernel/fork.c:2849 create_kthread kernel/kthread.c:412 [inline] kthreadd+0x60d/0x810 kernel/kthread.c:765 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 61: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_h ---truncated---

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/a71349b692ab34ea1…
https://git.kernel.org/stable/c/70b60c8d9b42763d6…
https://git.kernel.org/stable/c/4c98fe0dfa2ae83c4…
https://git.kernel.org/stable/c/9da40aea63f8769f2…
https://git.kernel.org/stable/c/ed87190e9d9c80aad…
https://git.kernel.org/stable/c/bf0de0f9a0544c11f…
https://git.kernel.org/stable/c/65d11eb276836d490…
https://git.kernel.org/stable/c/41fd1e94066a815a7…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 7a97311de48d56af6db4c5819f95faf9b0b23b1a , < a71349b692ab34ea197949e13e3cc42570fe73d9 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 70b60c8d9b42763d6629e44f448aa5d8ae477d61 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 4c98fe0dfa2ae83c4631699695506d8941db4bfe (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 9da40aea63f8769f28afb91aea0fac4cf6fbbb65 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < ed87190e9d9c80aad220fb6b0b03a84d22e2c95b (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < bf0de0f9a0544c11f96f93206da04ab87dcea1f4 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 65d11eb276836d49003a8060cf31fa2284ad1047 (git) Affected: f4b1363cae43fef7c86c993b7ca7fe7d546b3c68 , < 41fd1e94066a815a7ab0a7025359e9b40e4b3576 (git) Affected: 6026fd9da213daab95469356fe7fdcf29ae1a296 (git) Affected: 5.4.22 , < 5.4.285 (semver) Affected: 5.5.6 , < 5.6 (semver)
Linux	Linux	Affected: 5.6 Unaffected: 0 , < 5.6 (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.55 , ≤ 6.6.* (semver) Unaffected: 6.10.14 , ≤ 6.10.* (semver) Unaffected: 6.11.3 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49867",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:47:28.241887Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:48:52.483Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:34.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/disk-io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a71349b692ab34ea197949e13e3cc42570fe73d9",
              "status": "affected",
              "version": "7a97311de48d56af6db4c5819f95faf9b0b23b1a",
              "versionType": "git"
            },
            {
              "lessThan": "70b60c8d9b42763d6629e44f448aa5d8ae477d61",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "4c98fe0dfa2ae83c4631699695506d8941db4bfe",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "9da40aea63f8769f28afb91aea0fac4cf6fbbb65",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "ed87190e9d9c80aad220fb6b0b03a84d22e2c95b",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "bf0de0f9a0544c11f96f93206da04ab87dcea1f4",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "65d11eb276836d49003a8060cf31fa2284ad1047",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "lessThan": "41fd1e94066a815a7ab0a7025359e9b40e4b3576",
              "status": "affected",
              "version": "f4b1363cae43fef7c86c993b7ca7fe7d546b3c68",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "6026fd9da213daab95469356fe7fdcf29ae1a296",
              "versionType": "git"
            },
            {
              "lessThan": "5.4.285",
              "status": "affected",
              "version": "5.4.22",
              "versionType": "semver"
            },
            {
              "lessThan": "5.6",
              "status": "affected",
              "version": "5.5.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/disk-io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "5.4.22",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: wait for fixup workers before stopping cleaner kthread during umount\n\nDuring unmount, at close_ctree(), we have the following steps in this order:\n\n1) Park the cleaner kthread - this doesn\u0027t destroy the kthread, it basically\n   halts its execution (wake ups against it work but do nothing);\n\n2) We stop the cleaner kthread - this results in freeing the respective\n   struct task_struct;\n\n3) We call btrfs_stop_all_workers() which waits for any jobs running in all\n   the work queues and then free the work queues.\n\nSyzbot reported a case where a fixup worker resulted in a crash when doing\na delayed iput on its inode while attempting to wake up the cleaner at\nbtrfs_add_delayed_iput(), because the task_struct of the cleaner kthread\nwas already freed. This can happen during unmount because we don\u0027t wait\nfor any fixup workers still running before we call kthread_stop() against\nthe cleaner kthread, which stops and free all its resources.\n\nFix this by waiting for any fixup workers at close_ctree() before we call\nkthread_stop() against the cleaner and run pending delayed iputs.\n\nThe stack traces reported by syzbot were the following:\n\n  BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n  Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52\n\n  CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n  Workqueue: btrfs-fixup btrfs_work_helper\n  Call Trace:\n   \u003cTASK\u003e\n   __dump_stack lib/dump_stack.c:94 [inline]\n   dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n   print_address_description mm/kasan/report.c:377 [inline]\n   print_report+0x169/0x550 mm/kasan/report.c:488\n   kasan_report+0x143/0x180 mm/kasan/report.c:601\n   __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n   _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n   class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n   try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154\n   btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842\n   btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314\n   process_one_work kernel/workqueue.c:3229 [inline]\n   process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n   worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n   kthread+0x2f0/0x390 kernel/kthread.c:389\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n   \u003c/TASK\u003e\n\n  Allocated by task 2:\n   kasan_save_stack mm/kasan/common.c:47 [inline]\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n   unpoison_slab_object mm/kasan/common.c:319 [inline]\n   __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n   kasan_slab_alloc include/linux/kasan.h:247 [inline]\n   slab_post_alloc_hook mm/slub.c:4086 [inline]\n   slab_alloc_node mm/slub.c:4135 [inline]\n   kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187\n   alloc_task_struct_node kernel/fork.c:180 [inline]\n   dup_task_struct+0x57/0x8c0 kernel/fork.c:1107\n   copy_process+0x5d1/0x3d50 kernel/fork.c:2206\n   kernel_clone+0x223/0x880 kernel/fork.c:2787\n   kernel_thread+0x1bc/0x240 kernel/fork.c:2849\n   create_kthread kernel/kthread.c:412 [inline]\n   kthreadd+0x60d/0x810 kernel/kthread.c:765\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n  Freed by task 61:\n   kasan_save_stack mm/kasan/common.c:47 [inline]\n   kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n   kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n   poison_slab_object mm/kasan/common.c:247 [inline]\n   __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n   kasan_slab_free include/linux/kasan.h:230 [inline]\n   slab_free_h\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:53:58.592Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a71349b692ab34ea197949e13e3cc42570fe73d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/70b60c8d9b42763d6629e44f448aa5d8ae477d61"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c98fe0dfa2ae83c4631699695506d8941db4bfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/9da40aea63f8769f28afb91aea0fac4cf6fbbb65"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed87190e9d9c80aad220fb6b0b03a84d22e2c95b"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf0de0f9a0544c11f96f93206da04ab87dcea1f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/65d11eb276836d49003a8060cf31fa2284ad1047"
        },
        {
          "url": "https://git.kernel.org/stable/c/41fd1e94066a815a7ab0a7025359e9b40e4b3576"
        }
      ],
      "title": "btrfs: wait for fixup workers before stopping cleaner kthread during umount",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49867",
    "datePublished": "2024-10-21T18:01:09.962Z",
    "dateReserved": "2024-10-21T12:17:06.018Z",
    "dateUpdated": "2026-05-23T15:53:58.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49930 (GCVE-0-2024-49930)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-05-12 11:59

Title

wifi: ath11k: fix array out-of-bound access in SoC stats

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix array out-of-bound access in SoC stats Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() function access ath11k_soc_dp_stats::hal_reo_error using the REO destination SRNG ring ID, which is incorrect. SRNG ring ID differ from normal ring ID, and this usage leads to out-of-bounds array access. To fix this issue, modify ath11k_dp_process_rx() to use the normal ring ID directly instead of the SRNG ring ID to avoid out-of-bounds array access. Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

11 references

URL	Tags
https://git.kernel.org/stable/c/0f26f26944035ec67…
https://git.kernel.org/stable/c/4dd732893bd38cec5…
https://git.kernel.org/stable/c/73e235728e515facc…
https://git.kernel.org/stable/c/7a552bc2f3efe2aaf…
https://git.kernel.org/stable/c/6045ef5b4b00fee36…
https://git.kernel.org/stable/c/01b77f5ee11c89754…
https://git.kernel.org/stable/c/69f253e46af98af17…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

6 products

Vendor	Product	Version
Linux	Linux	Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 0f26f26944035ec67546a944f182cbad6577a9c0 (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 4dd732893bd38cec51f887244314e2b47f0d658f (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 73e235728e515faccc104b0153b47d0f263b3344 (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 7a552bc2f3efe2aaf77a85cb34cdf4a63d81a1a7 (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 6045ef5b4b00fee3629689f791992900a1c94009 (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 01b77f5ee11c89754fb836af8f76799d3b72ae2f (git) Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 69f253e46af98af17e3efa3e5dfa72fcb7d1983d (git)
Linux	Linux	Affected: 5.6 Unaffected: 0 , < 5.6 (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.55 , ≤ 6.6.* (semver) Unaffected: 6.10.14 , ≤ 6.10.* (semver) Unaffected: 6.11.3 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix)
Siemens	RUGGEDCOM RST2428P	Unaffected: 0 , < * (custom)
Siemens	SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family	Unaffected: 0 , < * (custom)
Siemens	SCALANCE XCM-/XRM-/XCH-/XRH-300 family	Unaffected: 0 , < * (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49930",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:39:11.615882Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:48:43.370Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:16.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T11:59:03.454Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath11k/dp_rx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0f26f26944035ec67546a944f182cbad6577a9c0",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "4dd732893bd38cec51f887244314e2b47f0d658f",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "73e235728e515faccc104b0153b47d0f263b3344",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "7a552bc2f3efe2aaf77a85cb34cdf4a63d81a1a7",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "6045ef5b4b00fee3629689f791992900a1c94009",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "01b77f5ee11c89754fb836af8f76799d3b72ae2f",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "69f253e46af98af17e3efa3e5dfa72fcb7d1983d",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath11k/dp_rx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx()\nfunction access ath11k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To fix\nthis issue, modify ath11k_dp_process_rx() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:42:02.115Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0f26f26944035ec67546a944f182cbad6577a9c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/4dd732893bd38cec51f887244314e2b47f0d658f"
        },
        {
          "url": "https://git.kernel.org/stable/c/73e235728e515faccc104b0153b47d0f263b3344"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a552bc2f3efe2aaf77a85cb34cdf4a63d81a1a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/6045ef5b4b00fee3629689f791992900a1c94009"
        },
        {
          "url": "https://git.kernel.org/stable/c/01b77f5ee11c89754fb836af8f76799d3b72ae2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/69f253e46af98af17e3efa3e5dfa72fcb7d1983d"
        }
      ],
      "title": "wifi: ath11k: fix array out-of-bound access in SoC stats",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49930",
    "datePublished": "2024-10-21T18:01:53.126Z",
    "dateReserved": "2024-10-21T12:17:06.039Z",
    "dateUpdated": "2026-05-12T11:59:03.454Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49936 (GCVE-0-2024-49936)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:01 – Updated: 2026-05-11 20:42

Title

net/xen-netback: prevent UAF in xenvif_flush_hash()

Summary

In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvif_flush_hash() During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head->next after the entry becomes free. Therefore, to solve this, you need to change it to list_for_each_entry_safe.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/3c4423b0c4b98213b…
https://git.kernel.org/stable/c/a7f0073fcd12ed7de…
https://git.kernel.org/stable/c/a0465723b8581cad2…
https://git.kernel.org/stable/c/efcff6ce7467f01f0…
https://git.kernel.org/stable/c/143edf098b80669d0…
https://git.kernel.org/stable/c/d408889d4b54f5501…
https://git.kernel.org/stable/c/54d8639af5568fc41…
https://git.kernel.org/stable/c/0fa5e94a1811d68fb…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < 3c4423b0c4b98213b3438e15061e1d08220e6982 (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < a0465723b8581cad27164c9073fd780904cd22d4 (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < efcff6ce7467f01f0753609f420333f3f2ceceda (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < 143edf098b80669d05245b2f2367dd156a83a2c5 (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < d408889d4b54f5501e4becc4dbbb9065143fbf4e (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < 54d8639af5568fc41c0e274fc3ec9cf86c59fcbb (git) Affected: 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 , < 0fa5e94a1811d68fbffa0725efe6d4ca62c03d12 (git)
Linux	Linux	Affected: 4.7 Unaffected: 0 , < 4.7 (semver) Unaffected: 5.4.290 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.55 , ≤ 6.6.* (semver) Unaffected: 6.10.14 , ≤ 6.10.* (semver) Unaffected: 6.11.3 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49936",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:38:23.774447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:51.250Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:20.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/xen-netback/hash.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3c4423b0c4b98213b3438e15061e1d08220e6982",
              "status": "affected",
              "version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
              "versionType": "git"
            },
            {
              "lessThan": "a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c",
              "status": "affected",
              "version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
              "versionType": "git"
            },
            {
              "lessThan": "a0465723b8581cad27164c9073fd780904cd22d4",
              "status": "affected",
              "version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
              "versionType": "git"
            },
            {
              "lessThan": "efcff6ce7467f01f0753609f420333f3f2ceceda",
              "status": "affected",
              "version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
              "versionType": "git"
            },
            {
              "lessThan": "143edf098b80669d05245b2f2367dd156a83a2c5",
              "status": "affected",
              "version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
              "versionType": "git"
            },
            {
              "lessThan": "d408889d4b54f5501e4becc4dbbb9065143fbf4e",
              "status": "affected",
              "version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
              "versionType": "git"
            },
            {
              "lessThan": "54d8639af5568fc41c0e274fc3ec9cf86c59fcbb",
              "status": "affected",
              "version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
              "versionType": "git"
            },
            {
              "lessThan": "0fa5e94a1811d68fbffa0725efe6d4ca62c03d12",
              "status": "affected",
              "version": "40d8abdee806d496a60ee607a6d01b1cd7fabaf0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/xen-netback/hash.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.290",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.290",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/xen-netback: prevent UAF in xenvif_flush_hash()\n\nDuring the list_for_each_entry_rcu iteration call of xenvif_flush_hash,\nkfree_rcu does not exist inside the rcu read critical section, so if\nkfree_rcu is called when the rcu grace period ends during the iteration,\nUAF occurs when accessing head-\u003enext after the entry becomes free.\n\nTherefore, to solve this, you need to change it to list_for_each_entry_safe."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:42:17.479Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3c4423b0c4b98213b3438e15061e1d08220e6982"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0465723b8581cad27164c9073fd780904cd22d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/efcff6ce7467f01f0753609f420333f3f2ceceda"
        },
        {
          "url": "https://git.kernel.org/stable/c/143edf098b80669d05245b2f2367dd156a83a2c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/d408889d4b54f5501e4becc4dbbb9065143fbf4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/54d8639af5568fc41c0e274fc3ec9cf86c59fcbb"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fa5e94a1811d68fbffa0725efe6d4ca62c03d12"
        }
      ],
      "title": "net/xen-netback: prevent UAF in xenvif_flush_hash()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49936",
    "datePublished": "2024-10-21T18:01:57.066Z",
    "dateReserved": "2024-10-21T12:17:06.042Z",
    "dateUpdated": "2026-05-11T20:42:17.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49960 (GCVE-0-2024-49960)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2026-05-23 15:54

Title

ext4: fix timer use-after-free on failed mount

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We should guarantee the timer is no longer active before kfree(sbi). When filesystem mounting fails, the flow goes to failed_mount3, where an error occurs when ext4_stop_mmpd is called, causing a read I/O failure. This triggers the ext4_handle_error function that ultimately re-arms the timer, leaving the s_err_report timer active before kfree(sbi) is called. Fix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

9 references

URL	Tags
https://git.kernel.org/stable/c/7aac0c17a8cdf4a32…
https://git.kernel.org/stable/c/22e9b83f0f33bc5a7…
https://git.kernel.org/stable/c/cf3196e5e2f36cd80…
https://git.kernel.org/stable/c/9203817ba46ebba7c…
https://git.kernel.org/stable/c/fa78fb51d396f4f2f…
https://git.kernel.org/stable/c/b85569585d0154d4d…
https://git.kernel.org/stable/c/0ce160c5bdb67081a…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 5e4f5138bd8522ebe231a137682d3857209a2c07 , < 7aac0c17a8cdf4a3236991c1e60435c6a984076c (git) Affected: 618f003199c6188e01472b03cdbba227f1dc5f24 , < 22e9b83f0f33bc5a7a3181769d1dccbf021f5b04 (git) Affected: 618f003199c6188e01472b03cdbba227f1dc5f24 , < cf3196e5e2f36cd80dab91ffae402e13935724bc (git) Affected: 618f003199c6188e01472b03cdbba227f1dc5f24 , < 9203817ba46ebba7c865c8de2aba399537b6e891 (git) Affected: 618f003199c6188e01472b03cdbba227f1dc5f24 , < fa78fb51d396f4f2f80f8e96a3b1516f394258be (git) Affected: 618f003199c6188e01472b03cdbba227f1dc5f24 , < b85569585d0154d4db1e4f9e3e6a4731d407feb0 (git) Affected: 618f003199c6188e01472b03cdbba227f1dc5f24 , < 0ce160c5bdb67081a62293028dc85758a8efb22a (git) Affected: cecfdb9cf9a700d1037066173abac0617f6788df (git) Affected: eb7b40d9d3785f7a131fb0b1f89bb6efa46c1833 (git) Affected: 5.10.51 , < 5.10.237 (semver) Affected: 5.12.18 , < 5.13 (semver) Affected: 5.13.3 , < 5.14 (semver)
Linux	Linux	Affected: 5.14 Unaffected: 0 , < 5.14 (semver) Unaffected: 5.10.237 , ≤ 5.10.* (semver) Unaffected: 5.15.181 , ≤ 5.15.* (semver) Unaffected: 6.1.118 , ≤ 6.1.* (semver) Unaffected: 6.6.55 , ≤ 6.6.* (semver) Unaffected: 6.10.14 , ≤ 6.10.* (semver) Unaffected: 6.11.3 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49960",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:35:13.994206Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:47.803Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:41.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7aac0c17a8cdf4a3236991c1e60435c6a984076c",
              "status": "affected",
              "version": "5e4f5138bd8522ebe231a137682d3857209a2c07",
              "versionType": "git"
            },
            {
              "lessThan": "22e9b83f0f33bc5a7a3181769d1dccbf021f5b04",
              "status": "affected",
              "version": "618f003199c6188e01472b03cdbba227f1dc5f24",
              "versionType": "git"
            },
            {
              "lessThan": "cf3196e5e2f36cd80dab91ffae402e13935724bc",
              "status": "affected",
              "version": "618f003199c6188e01472b03cdbba227f1dc5f24",
              "versionType": "git"
            },
            {
              "lessThan": "9203817ba46ebba7c865c8de2aba399537b6e891",
              "status": "affected",
              "version": "618f003199c6188e01472b03cdbba227f1dc5f24",
              "versionType": "git"
            },
            {
              "lessThan": "fa78fb51d396f4f2f80f8e96a3b1516f394258be",
              "status": "affected",
              "version": "618f003199c6188e01472b03cdbba227f1dc5f24",
              "versionType": "git"
            },
            {
              "lessThan": "b85569585d0154d4db1e4f9e3e6a4731d407feb0",
              "status": "affected",
              "version": "618f003199c6188e01472b03cdbba227f1dc5f24",
              "versionType": "git"
            },
            {
              "lessThan": "0ce160c5bdb67081a62293028dc85758a8efb22a",
              "status": "affected",
              "version": "618f003199c6188e01472b03cdbba227f1dc5f24",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "cecfdb9cf9a700d1037066173abac0617f6788df",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "eb7b40d9d3785f7a131fb0b1f89bb6efa46c1833",
              "versionType": "git"
            },
            {
              "lessThan": "5.10.237",
              "status": "affected",
              "version": "5.10.51",
              "versionType": "semver"
            },
            {
              "lessThan": "5.13",
              "status": "affected",
              "version": "5.12.18",
              "versionType": "semver"
            },
            {
              "lessThan": "5.14",
              "status": "affected",
              "version": "5.13.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.237",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.118",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.237",
                  "versionStartIncluding": "5.10.51",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.118",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.13.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix timer use-after-free on failed mount\n\nSyzbot has found an ODEBUG bug in ext4_fill_super\n\nThe del_timer_sync function cancels the s_err_report timer,\nwhich reminds about filesystem errors daily. We should\nguarantee the timer is no longer active before kfree(sbi).\n\nWhen filesystem mounting fails, the flow goes to failed_mount3,\nwhere an error occurs when ext4_stop_mmpd is called, causing\na read I/O failure. This triggers the ext4_handle_error function\nthat ultimately re-arms the timer,\nleaving the s_err_report timer active before kfree(sbi) is called.\n\nFix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:54:09.756Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7aac0c17a8cdf4a3236991c1e60435c6a984076c"
        },
        {
          "url": "https://git.kernel.org/stable/c/22e9b83f0f33bc5a7a3181769d1dccbf021f5b04"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf3196e5e2f36cd80dab91ffae402e13935724bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/9203817ba46ebba7c865c8de2aba399537b6e891"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa78fb51d396f4f2f80f8e96a3b1516f394258be"
        },
        {
          "url": "https://git.kernel.org/stable/c/b85569585d0154d4db1e4f9e3e6a4731d407feb0"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ce160c5bdb67081a62293028dc85758a8efb22a"
        }
      ],
      "title": "ext4: fix timer use-after-free on failed mount",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49960",
    "datePublished": "2024-10-21T18:02:13.119Z",
    "dateReserved": "2024-10-21T12:17:06.049Z",
    "dateUpdated": "2026-05-23T15:54:09.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49969 (GCVE-0-2024-49969)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2026-05-11 20:43

Title

drm/amd/display: Fix index out of bounds in DCN30 color transformation

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, the function returns false to indicate an error. drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

9 references

URL	Tags
https://git.kernel.org/stable/c/7ab69af56a23859b6…
https://git.kernel.org/stable/c/c13f9c62015c56a93…
https://git.kernel.org/stable/c/0f1e222a4b41d77c4…
https://git.kernel.org/stable/c/929506d5671419cff…
https://git.kernel.org/stable/c/578422ddae3d13362…
https://git.kernel.org/stable/c/b9d8b94ec7e67f0ca…
https://git.kernel.org/stable/c/d81873f9e715b72d4…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 7ab69af56a23859b647dee69fa1052c689343621 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < c13f9c62015c56a938304cef6d507227ea3e0039 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 0f1e222a4b41d77c442901d166fbdca967af0d86 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 929506d5671419cffd8d01e9a7f5eae53682a838 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < 578422ddae3d13362b64e77ef9bab98780641631 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < b9d8b94ec7e67f0cae228c054f77b73967c389a3 (git) Affected: 03f54d7d3448dc1668568d1adb69b43c1d1dc79f , < d81873f9e715b72d4f8d391c8eb243946f784dfc (git)
Linux	Linux	Affected: 5.9 Unaffected: 0 , < 5.9 (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.55 , ≤ 6.6.* (semver) Unaffected: 6.10.14 , ≤ 6.10.* (semver) Unaffected: 6.11.3 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:34:03.408240Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:46.509Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:51.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7ab69af56a23859b647dee69fa1052c689343621",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "c13f9c62015c56a938304cef6d507227ea3e0039",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "0f1e222a4b41d77c442901d166fbdca967af0d86",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "929506d5671419cffd8d01e9a7f5eae53682a838",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "578422ddae3d13362b64e77ef9bab98780641631",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "b9d8b94ec7e67f0cae228c054f77b73967c389a3",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            },
            {
              "lessThan": "d81873f9e715b72d4f8d391c8eb243946f784dfc",
              "status": "affected",
              "version": "03f54d7d3448dc1668568d1adb69b43c1d1dc79f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 color transformation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_hw_format` function in the DCN30 color\nmanagement module. The issue could occur when the index \u0027i\u0027 exceeds the\nnumber of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\ntransfer function points. If \u0027i\u0027 is out of bounds, the function returns\nfalse to indicate an error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:43:01.789Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7ab69af56a23859b647dee69fa1052c689343621"
        },
        {
          "url": "https://git.kernel.org/stable/c/c13f9c62015c56a938304cef6d507227ea3e0039"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f1e222a4b41d77c442901d166fbdca967af0d86"
        },
        {
          "url": "https://git.kernel.org/stable/c/929506d5671419cffd8d01e9a7f5eae53682a838"
        },
        {
          "url": "https://git.kernel.org/stable/c/578422ddae3d13362b64e77ef9bab98780641631"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9d8b94ec7e67f0cae228c054f77b73967c389a3"
        },
        {
          "url": "https://git.kernel.org/stable/c/d81873f9e715b72d4f8d391c8eb243946f784dfc"
        }
      ],
      "title": "drm/amd/display: Fix index out of bounds in DCN30 color transformation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49969",
    "datePublished": "2024-10-21T18:02:19.044Z",
    "dateReserved": "2024-10-21T12:17:06.051Z",
    "dateUpdated": "2026-05-11T20:43:01.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49974 (GCVE-0-2024-49974)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2026-05-11 20:43

Title

NFSD: Limit the number of concurrent async COPY operations

Summary

In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimited number of 4MB chunks, so can run for a long time. Thus IMO async COPY can become a DoS vector. Add a restriction mechanism that bounds the number of concurrent background COPY operations. Start simple and try to be fair -- this patch implements a per-namespace limit. An async COPY request that occurs while this limit is exceeded gets NFS4ERR_DELAY. The requesting client can choose to send the request again after a delay or fall back to a traditional read/write style copy. If there is need to make the mechanism more sophisticated, we can visit that in future patches.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

9 references

URL	Tags
https://git.kernel.org/stable/c/9e52ff544e0bfa09e…
https://git.kernel.org/stable/c/43e46ee5efc03990b…
https://git.kernel.org/stable/c/7ea9260874b779637…
https://git.kernel.org/stable/c/ae267989b7b7933df…
https://git.kernel.org/stable/c/b4e21431a0db4854b…
https://git.kernel.org/stable/c/6a488ad7745b8f646…
https://git.kernel.org/stable/c/aadc3bbea163b6caa…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 9e52ff544e0bfa09ee339fd7b0937ee3c080c24e (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 7ea9260874b779637aff6d24c344b8ef4ac862a0 (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < ae267989b7b7933dfedcd26468d0a88fc3a9da9e (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < b4e21431a0db4854b5023cd5af001be557e6c3db (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < 6a488ad7745b8f64625c6d3a24ce7e448e83f11b (git) Affected: e0639dc5805a9d4faaa2c07ad98fa853b9529dd3 , < aadc3bbea163b6caaaebfdd2b6c4667fbc726752 (git)
Linux	Linux	Affected: 4.20 Unaffected: 0 , < 4.20 (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.119 , ≤ 6.1.* (semver) Unaffected: 6.6.63 , ≤ 6.6.* (semver) Unaffected: 6.10.14 , ≤ 6.10.* (semver) Unaffected: 6.11.3 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:33:23.238318Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:45.719Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:23:54.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/netns.h",
            "fs/nfsd/nfs4proc.c",
            "fs/nfsd/nfs4state.c",
            "fs/nfsd/xdr4.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9e52ff544e0bfa09ee339fd7b0937ee3c080c24e",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "7ea9260874b779637aff6d24c344b8ef4ac862a0",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "ae267989b7b7933dfedcd26468d0a88fc3a9da9e",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "b4e21431a0db4854b5023cd5af001be557e6c3db",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "6a488ad7745b8f64625c6d3a24ce7e448e83f11b",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            },
            {
              "lessThan": "aadc3bbea163b6caaaebfdd2b6c4667fbc726752",
              "status": "affected",
              "version": "e0639dc5805a9d4faaa2c07ad98fa853b9529dd3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/netns.h",
            "fs/nfsd/nfs4proc.c",
            "fs/nfsd/nfs4state.c",
            "fs/nfsd/xdr4.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.63",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Limit the number of concurrent async COPY operations\n\nNothing appears to limit the number of concurrent async COPY\noperations that clients can start. In addition, AFAICT each async\nCOPY can copy an unlimited number of 4MB chunks, so can run for a\nlong time. Thus IMO async COPY can become a DoS vector.\n\nAdd a restriction mechanism that bounds the number of concurrent\nbackground COPY operations. Start simple and try to be fair -- this\npatch implements a per-namespace limit.\n\nAn async COPY request that occurs while this limit is exceeded gets\nNFS4ERR_DELAY. The requesting client can choose to send the request\nagain after a delay or fall back to a traditional read/write style\ncopy.\n\nIf there is need to make the mechanism more sophisticated, we can\nvisit that in future patches."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:43:08.284Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9e52ff544e0bfa09ee339fd7b0937ee3c080c24e"
        },
        {
          "url": "https://git.kernel.org/stable/c/43e46ee5efc03990b223f7aa8b77aa9c3d3acfdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ea9260874b779637aff6d24c344b8ef4ac862a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae267989b7b7933dfedcd26468d0a88fc3a9da9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4e21431a0db4854b5023cd5af001be557e6c3db"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a488ad7745b8f64625c6d3a24ce7e448e83f11b"
        },
        {
          "url": "https://git.kernel.org/stable/c/aadc3bbea163b6caaaebfdd2b6c4667fbc726752"
        }
      ],
      "title": "NFSD: Limit the number of concurrent async COPY operations",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49974",
    "datePublished": "2024-10-21T18:02:22.392Z",
    "dateReserved": "2024-10-21T12:17:06.052Z",
    "dateUpdated": "2026-05-11T20:43:08.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-49982 (GCVE-0-2024-49982)

Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2026-05-23 15:54

Title

aoe: fix the potential use-after-free problem in more places

Summary

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

11 references

URL	Tags
https://git.kernel.org/stable/c/12f7b89dd72b25da4…
https://git.kernel.org/stable/c/a786265aecf390154…
https://git.kernel.org/stable/c/f63461af2c1a86af4…
https://git.kernel.org/stable/c/07b418d50ccbbca7e…
https://git.kernel.org/stable/c/bc2cbf7525ac288e0…
https://git.kernel.org/stable/c/acc5103a0a8c200a5…
https://git.kernel.org/stable/c/89d9a69ae0c667e4d…
https://git.kernel.org/stable/c/8253a60c89ec35c8f…
https://git.kernel.org/stable/c/6d6e54fc71ad1ab0a…
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: ad80c34944d7175fa1f5c7a55066020002921a99 , < 12f7b89dd72b25da4eeaa22097877963cad6418e (git) Affected: 1a54aa506b3b2f31496731039e49778f54eee881 , < a786265aecf39015418e4f930cc1c14603a01490 (git) Affected: faf0b4c5e00bb680e8e43ac936df24d3f48c8e65 , < f63461af2c1a86af4217910e47a5c46e3372e645 (git) Affected: 7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4 , < 07b418d50ccbbca7e5d87a3a0d41d436cefebf79 (git) Affected: 74ca3ef68d2f449bc848c0a814cefc487bf755fa , < bc2cbf7525ac288e07d465f5a1d8cb8fb9599254 (git) Affected: eb48680b0255a9e8a9bdc93d6a55b11c31262e62 , < acc5103a0a8c200a52af7d732c36a8477436a3d3 (git) Affected: f98364e926626c678fb4b9004b75cacf92ff0662 , < 89d9a69ae0c667e4d9d028028e2dcc837bae626f (git) Affected: f98364e926626c678fb4b9004b75cacf92ff0662 , < 8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58 (git) Affected: f98364e926626c678fb4b9004b75cacf92ff0662 , < 6d6e54fc71ad1ab0a87047fd9c211e75d86084a3 (git) Affected: 079cba4f4e307c69878226fdf5228c20aa1c969c (git) Affected: a16fbb80064634b254520a46395e36b87ca4731e (git) Affected: 4.19.311 , < 4.19.323 (semver) Affected: 5.4.273 , < 5.4.285 (semver) Affected: 5.10.214 , < 5.10.227 (semver) Affected: 5.15.153 , < 5.15.168 (semver) Affected: 6.1.83 , < 6.1.113 (semver) Affected: 6.6.23 , < 6.6.55 (semver) Affected: 6.7.11 , < 6.8 (semver) Affected: 6.8.2 , < 6.9 (semver)
Linux	Linux	Affected: 6.9 Unaffected: 0 , < 6.9 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.55 , ≤ 6.6.* (semver) Unaffected: 6.10.14 , ≤ 6.10.* (semver) Unaffected: 6.11.3 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:32:22.974285Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:38:44.189Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:24:03.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/block/aoe/aoecmd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "12f7b89dd72b25da4eeaa22097877963cad6418e",
              "status": "affected",
              "version": "ad80c34944d7175fa1f5c7a55066020002921a99",
              "versionType": "git"
            },
            {
              "lessThan": "a786265aecf39015418e4f930cc1c14603a01490",
              "status": "affected",
              "version": "1a54aa506b3b2f31496731039e49778f54eee881",
              "versionType": "git"
            },
            {
              "lessThan": "f63461af2c1a86af4217910e47a5c46e3372e645",
              "status": "affected",
              "version": "faf0b4c5e00bb680e8e43ac936df24d3f48c8e65",
              "versionType": "git"
            },
            {
              "lessThan": "07b418d50ccbbca7e5d87a3a0d41d436cefebf79",
              "status": "affected",
              "version": "7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4",
              "versionType": "git"
            },
            {
              "lessThan": "bc2cbf7525ac288e07d465f5a1d8cb8fb9599254",
              "status": "affected",
              "version": "74ca3ef68d2f449bc848c0a814cefc487bf755fa",
              "versionType": "git"
            },
            {
              "lessThan": "acc5103a0a8c200a52af7d732c36a8477436a3d3",
              "status": "affected",
              "version": "eb48680b0255a9e8a9bdc93d6a55b11c31262e62",
              "versionType": "git"
            },
            {
              "lessThan": "89d9a69ae0c667e4d9d028028e2dcc837bae626f",
              "status": "affected",
              "version": "f98364e926626c678fb4b9004b75cacf92ff0662",
              "versionType": "git"
            },
            {
              "lessThan": "8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58",
              "status": "affected",
              "version": "f98364e926626c678fb4b9004b75cacf92ff0662",
              "versionType": "git"
            },
            {
              "lessThan": "6d6e54fc71ad1ab0a87047fd9c211e75d86084a3",
              "status": "affected",
              "version": "f98364e926626c678fb4b9004b75cacf92ff0662",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "079cba4f4e307c69878226fdf5228c20aa1c969c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a16fbb80064634b254520a46395e36b87ca4731e",
              "versionType": "git"
            },
            {
              "lessThan": "4.19.323",
              "status": "affected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThan": "5.4.285",
              "status": "affected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThan": "5.10.227",
              "status": "affected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.168",
              "status": "affected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.113",
              "status": "affected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.55",
              "status": "affected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThan": "6.8",
              "status": "affected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThan": "6.9",
              "status": "affected",
              "version": "6.8.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/block/aoe/aoecmd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.323",
                  "versionStartIncluding": "4.19.311",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.285",
                  "versionStartIncluding": "5.4.273",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.10.214",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.15.153",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.113",
                  "versionStartIncluding": "6.1.83",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "6.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.14",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.3",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in more places\n\nFor fixing CVE-2023-6270, f98364e92662 (\"aoe: fix the potential\nuse-after-free problem in aoecmd_cfg_pkts\") makes tx() calling dev_put()\ninstead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs\ninto use-after-free.\n\nThen Nicolai Stange found more places in aoe have potential use-after-free\nproblem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe()\nand aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push\npacket to tx queue. So they should also use dev_hold() to increase the\nrefcnt of skb-\u003edev.\n\nOn the other hand, moving dev_put() to tx() causes that the refcnt of\nskb-\u003edev be reduced to a negative value, because corresponding\ndev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(),\nprobe(), and aoecmd_cfg_rsp(). This patch fixed this issue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:54:14.068Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/12f7b89dd72b25da4eeaa22097877963cad6418e"
        },
        {
          "url": "https://git.kernel.org/stable/c/a786265aecf39015418e4f930cc1c14603a01490"
        },
        {
          "url": "https://git.kernel.org/stable/c/f63461af2c1a86af4217910e47a5c46e3372e645"
        },
        {
          "url": "https://git.kernel.org/stable/c/07b418d50ccbbca7e5d87a3a0d41d436cefebf79"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc2cbf7525ac288e07d465f5a1d8cb8fb9599254"
        },
        {
          "url": "https://git.kernel.org/stable/c/acc5103a0a8c200a52af7d732c36a8477436a3d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/89d9a69ae0c667e4d9d028028e2dcc837bae626f"
        },
        {
          "url": "https://git.kernel.org/stable/c/8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d6e54fc71ad1ab0a87047fd9c211e75d86084a3"
        }
      ],
      "title": "aoe: fix the potential use-after-free problem in more places",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-49982",
    "datePublished": "2024-10-21T18:02:27.820Z",
    "dateReserved": "2024-10-21T12:17:06.052Z",
    "dateUpdated": "2026-05-23T15:54:14.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2024-AVI-1033

Solutions

CVE-2024-47747 (GCVE-0-2024-47747)

CVE-2024-47748 (GCVE-0-2024-47748)

CVE-2024-49860 (GCVE-0-2024-49860)

CVE-2024-49867 (GCVE-0-2024-49867)

CVE-2024-49930 (GCVE-0-2024-49930)

CVE-2024-49936 (GCVE-0-2024-49936)

CVE-2024-49960 (GCVE-0-2024-49960)

CVE-2024-49969 (GCVE-0-2024-49969)

CVE-2024-49974 (GCVE-0-2024-49974)

CVE-2024-49982 (GCVE-0-2024-49982)

Tags

Sightings

Nomenclature