Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0308
Vulnerability from certfr_avis - Published: 2025-04-11 - Updated: 2025-04-11
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un contournement de la politique de sécurité et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-23041",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23041"
},
{
"name": "CVE-2021-47101",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47101"
},
{
"name": "CVE-2021-47119",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47119"
},
{
"name": "CVE-2024-26863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26863"
},
{
"name": "CVE-2021-47235",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47235"
},
{
"name": "CVE-2021-47320",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47320"
},
{
"name": "CVE-2021-47483",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47483"
},
{
"name": "CVE-2024-26921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26921"
},
{
"name": "CVE-2024-26928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26928"
},
{
"name": "CVE-2024-35864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35864"
},
{
"name": "CVE-2024-35973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35973"
},
{
"name": "CVE-2024-35960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
},
{
"name": "CVE-2021-47602",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47602"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42069"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-46784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46784"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-46871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46871"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53096"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53136"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53206"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-57925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57925"
},
{
"name": "CVE-2024-57939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57939"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21631"
},
{
"name": "CVE-2025-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
},
{
"name": "CVE-2025-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
},
{
"name": "CVE-2025-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
},
{
"name": "CVE-2025-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
},
{
"name": "CVE-2025-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
},
{
"name": "CVE-2025-21648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21648"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-57889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
},
{
"name": "CVE-2025-21687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21687"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-21700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21700"
},
{
"name": "CVE-2024-43098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
},
{
"name": "CVE-2024-47408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47408"
},
{
"name": "CVE-2024-49571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49571"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-56581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
},
{
"name": "CVE-2024-56586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
},
{
"name": "CVE-2024-56626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56626"
},
{
"name": "CVE-2024-56627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56627"
},
{
"name": "CVE-2024-56640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-56781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
},
{
"name": "CVE-2024-56785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2024-57841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57841"
},
{
"name": "CVE-2024-57900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57900"
},
{
"name": "CVE-2024-57901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57901"
},
{
"name": "CVE-2024-57902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57902"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2024-58087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58087"
},
{
"name": "CVE-2021-47122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47122"
},
{
"name": "CVE-2025-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21702"
}
],
"initial_release_date": "2025-04-11T00:00:00",
"last_revision_date": "2025-04-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0308",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7406-5",
"url": "https://ubuntu.com/security/notices/USN-7406-5"
},
{
"published_at": "2025-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7421-1",
"url": "https://ubuntu.com/security/notices/USN-7421-1"
},
{
"published_at": "2025-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7420-1",
"url": "https://ubuntu.com/security/notices/USN-7420-1"
},
{
"published_at": "2025-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7406-6",
"url": "https://ubuntu.com/security/notices/USN-7406-6"
},
{
"published_at": "2025-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7402-4",
"url": "https://ubuntu.com/security/notices/USN-7402-4"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7428-2",
"url": "https://ubuntu.com/security/notices/USN-7428-2"
},
{
"published_at": "2025-04-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7402-3",
"url": "https://ubuntu.com/security/notices/USN-7402-3"
},
{
"published_at": "2025-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7408-4",
"url": "https://ubuntu.com/security/notices/USN-7408-4"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7429-1",
"url": "https://ubuntu.com/security/notices/USN-7429-1"
},
{
"published_at": "2025-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7408-3",
"url": "https://ubuntu.com/security/notices/USN-7408-3"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7428-1",
"url": "https://ubuntu.com/security/notices/USN-7428-1"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7429-2",
"url": "https://ubuntu.com/security/notices/USN-7429-2"
}
]
}
CVE-2024-53184 (GCVE-0-2024-53184)
Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2026-05-11 20:52
VLAI
EPSS
Title
um: ubd: Do not use drvdata in release
Summary
In the Linux kernel, the following vulnerability has been resolved:
um: ubd: Do not use drvdata in release
The drvdata is not available in release. Let's just use container_of()
to get the ubd instance. Otherwise, removing a ubd device will result
in a crash:
RIP: 0033:blk_mq_free_tag_set+0x1f/0xba
RSP: 00000000e2083bf0 EFLAGS: 00010246
RAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00
RDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348
RBP: 00000000e2083c10 R08: 0000000062414010 R09: 00000000601603f7
R10: 000000000000133a R11: 000000006038c4bd R12: 0000000000000000
R13: 0000000060213a5c R14: 0000000062405d20 R15: 00000000604f7aa0
Kernel panic - not syncing: Segfault with no mm
CPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 6.8.0-rc3-00107-gba3f67c11638 #1
Workqueue: events mc_work_proc
Stack:
00000000 604f7ef0 62c5d000 62405d20
e2083c30 6002c776 6002c755 600e47ff
e2083c60 6025ffe3 04208060 603d36e0
Call Trace:
[<6002c776>] ubd_device_release+0x21/0x55
[<6002c755>] ? ubd_device_release+0x0/0x55
[<600e47ff>] ? kfree+0x0/0x100
[<6025ffe3>] device_release+0x70/0xba
[<60381d6a>] kobject_put+0xb5/0xe2
[<6026027b>] put_device+0x19/0x1c
[<6026a036>] platform_device_put+0x26/0x29
[<6026ac5a>] platform_device_unregister+0x2c/0x2e
[<6002c52e>] ubd_remove+0xb8/0xd6
[<6002bb74>] ? mconsole_reply+0x0/0x50
[<6002b926>] mconsole_remove+0x160/0x1cc
[<6002bbbc>] ? mconsole_reply+0x48/0x50
[<6003379c>] ? um_set_signals+0x3b/0x43
[<60061c55>] ? update_min_vruntime+0x14/0x70
[<6006251f>] ? dequeue_task_fair+0x164/0x235
[<600620aa>] ? update_cfs_group+0x0/0x40
[<603a0e77>] ? __schedule+0x0/0x3ed
[<60033761>] ? um_set_signals+0x0/0x43
[<6002af6a>] mc_work_proc+0x77/0x91
[<600520b4>] process_scheduled_works+0x1af/0x2c3
[<6004ede3>] ? assign_work+0x0/0x58
[<600527a1>] worker_thread+0x2f7/0x37a
[<6004ee3b>] ? set_pf_worker+0x0/0x64
[<6005765d>] ? arch_local_irq_save+0x0/0x2d
[<60058e07>] ? kthread_exit+0x0/0x3a
[<600524aa>] ? worker_thread+0x0/0x37a
[<60058f9f>] kthread+0x130/0x135
[<6002068e>] new_thread_handler+0x85/0xb6
Severity
No CVSS data available.
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0998d0631001288a5974afc0b2a5f568bcdecb4d , < 23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8
(git)
Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 300e277e463e6326938dd55ea560eafa0f5c88a5 (git) Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 509ba8746f812e45a05034ba18b73db574693d11 (git) Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 5727343348f34e11a7c5a2a944d5aa505731d876 (git) Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < a5a75207efae4b558aaa34c288de7d6f2e926b4b (git) Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 2d194d951895df214e066d08146e77cb6e02c1d4 (git) Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < e6e5a4cded9bef3a1b0a4fac815b7176eb9a18ec (git) Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 16cf8511680809a9f20b3dd224c06d482648f9e2 (git) Affected: 0998d0631001288a5974afc0b2a5f568bcdecb4d , < 5bee35e5389f450a7eea7318deb9073e9414d3b1 (git) |
|
| Linux | Linux |
Affected:
3.6
Unaffected: 0 , < 3.6 (semver) Unaffected: 4.19.325 , ≤ 4.19.* (semver) Unaffected: 5.4.287 , ≤ 5.4.* (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.64 , ≤ 6.6.* (semver) Unaffected: 6.11.11 , ≤ 6.11.* (semver) Unaffected: 6.12.2 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:47:21.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/um/drivers/ubd_kern.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8",
"status": "affected",
"version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
"versionType": "git"
},
{
"lessThan": "300e277e463e6326938dd55ea560eafa0f5c88a5",
"status": "affected",
"version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
"versionType": "git"
},
{
"lessThan": "509ba8746f812e45a05034ba18b73db574693d11",
"status": "affected",
"version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
"versionType": "git"
},
{
"lessThan": "5727343348f34e11a7c5a2a944d5aa505731d876",
"status": "affected",
"version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
"versionType": "git"
},
{
"lessThan": "a5a75207efae4b558aaa34c288de7d6f2e926b4b",
"status": "affected",
"version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
"versionType": "git"
},
{
"lessThan": "2d194d951895df214e066d08146e77cb6e02c1d4",
"status": "affected",
"version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
"versionType": "git"
},
{
"lessThan": "e6e5a4cded9bef3a1b0a4fac815b7176eb9a18ec",
"status": "affected",
"version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
"versionType": "git"
},
{
"lessThan": "16cf8511680809a9f20b3dd224c06d482648f9e2",
"status": "affected",
"version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
"versionType": "git"
},
{
"lessThan": "5bee35e5389f450a7eea7318deb9073e9414d3b1",
"status": "affected",
"version": "0998d0631001288a5974afc0b2a5f568bcdecb4d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/um/drivers/ubd_kern.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.325",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.325",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\num: ubd: Do not use drvdata in release\n\nThe drvdata is not available in release. Let\u0027s just use container_of()\nto get the ubd instance. Otherwise, removing a ubd device will result\nin a crash:\n\nRIP: 0033:blk_mq_free_tag_set+0x1f/0xba\nRSP: 00000000e2083bf0 EFLAGS: 00010246\nRAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00\nRDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348\nRBP: 00000000e2083c10 R08: 0000000062414010 R09: 00000000601603f7\nR10: 000000000000133a R11: 000000006038c4bd R12: 0000000000000000\nR13: 0000000060213a5c R14: 0000000062405d20 R15: 00000000604f7aa0\nKernel panic - not syncing: Segfault with no mm\nCPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 6.8.0-rc3-00107-gba3f67c11638 #1\nWorkqueue: events mc_work_proc\nStack:\n 00000000 604f7ef0 62c5d000 62405d20\n e2083c30 6002c776 6002c755 600e47ff\n e2083c60 6025ffe3 04208060 603d36e0\nCall Trace:\n [\u003c6002c776\u003e] ubd_device_release+0x21/0x55\n [\u003c6002c755\u003e] ? ubd_device_release+0x0/0x55\n [\u003c600e47ff\u003e] ? kfree+0x0/0x100\n [\u003c6025ffe3\u003e] device_release+0x70/0xba\n [\u003c60381d6a\u003e] kobject_put+0xb5/0xe2\n [\u003c6026027b\u003e] put_device+0x19/0x1c\n [\u003c6026a036\u003e] platform_device_put+0x26/0x29\n [\u003c6026ac5a\u003e] platform_device_unregister+0x2c/0x2e\n [\u003c6002c52e\u003e] ubd_remove+0xb8/0xd6\n [\u003c6002bb74\u003e] ? mconsole_reply+0x0/0x50\n [\u003c6002b926\u003e] mconsole_remove+0x160/0x1cc\n [\u003c6002bbbc\u003e] ? mconsole_reply+0x48/0x50\n [\u003c6003379c\u003e] ? um_set_signals+0x3b/0x43\n [\u003c60061c55\u003e] ? update_min_vruntime+0x14/0x70\n [\u003c6006251f\u003e] ? dequeue_task_fair+0x164/0x235\n [\u003c600620aa\u003e] ? update_cfs_group+0x0/0x40\n [\u003c603a0e77\u003e] ? __schedule+0x0/0x3ed\n [\u003c60033761\u003e] ? um_set_signals+0x0/0x43\n [\u003c6002af6a\u003e] mc_work_proc+0x77/0x91\n [\u003c600520b4\u003e] process_scheduled_works+0x1af/0x2c3\n [\u003c6004ede3\u003e] ? assign_work+0x0/0x58\n [\u003c600527a1\u003e] worker_thread+0x2f7/0x37a\n [\u003c6004ee3b\u003e] ? set_pf_worker+0x0/0x64\n [\u003c6005765d\u003e] ? arch_local_irq_save+0x0/0x2d\n [\u003c60058e07\u003e] ? kthread_exit+0x0/0x3a\n [\u003c600524aa\u003e] ? worker_thread+0x0/0x37a\n [\u003c60058f9f\u003e] kthread+0x130/0x135\n [\u003c6002068e\u003e] new_thread_handler+0x85/0xb6"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:52:28.238Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8"
},
{
"url": "https://git.kernel.org/stable/c/300e277e463e6326938dd55ea560eafa0f5c88a5"
},
{
"url": "https://git.kernel.org/stable/c/509ba8746f812e45a05034ba18b73db574693d11"
},
{
"url": "https://git.kernel.org/stable/c/5727343348f34e11a7c5a2a944d5aa505731d876"
},
{
"url": "https://git.kernel.org/stable/c/a5a75207efae4b558aaa34c288de7d6f2e926b4b"
},
{
"url": "https://git.kernel.org/stable/c/2d194d951895df214e066d08146e77cb6e02c1d4"
},
{
"url": "https://git.kernel.org/stable/c/e6e5a4cded9bef3a1b0a4fac815b7176eb9a18ec"
},
{
"url": "https://git.kernel.org/stable/c/16cf8511680809a9f20b3dd224c06d482648f9e2"
},
{
"url": "https://git.kernel.org/stable/c/5bee35e5389f450a7eea7318deb9073e9414d3b1"
}
],
"title": "um: ubd: Do not use drvdata in release",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53184",
"datePublished": "2024-12-27T13:49:27.184Z",
"dateReserved": "2024-11-19T17:17:25.010Z",
"dateUpdated": "2026-05-11T20:52:28.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53194 (GCVE-0-2024-53194)
Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2026-05-11 20:52
VLAI
EPSS
Title
PCI: Fix use-after-free of slot->bus on hot remove
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: Fix use-after-free of slot->bus on hot remove
Dennis reports a boot crash on recent Lenovo laptops with a USB4 dock.
Since commit 0fc70886569c ("thunderbolt: Reset USB4 v2 host router") and
commit 59a54c5f3dbd ("thunderbolt: Reset topology created by the boot
firmware"), USB4 v2 and v1 Host Routers are reset on probe of the
thunderbolt driver.
The reset clears the Presence Detect State and Data Link Layer Link Active
bits at the USB4 Host Router's Root Port and thus causes hot removal of the
dock.
The crash occurs when pciehp is unbound from one of the dock's Downstream
Ports: pciehp creates a pci_slot on bind and destroys it on unbind. The
pci_slot contains a pointer to the pci_bus below the Downstream Port, but
a reference on that pci_bus is never acquired. The pci_bus is destroyed
before the pci_slot, so a use-after-free ensues when pci_slot_release()
accesses slot->bus.
In principle this should not happen because pci_stop_bus_device() unbinds
pciehp (and therefore destroys the pci_slot) before the pci_bus is
destroyed by pci_remove_bus_device().
However the stacktrace provided by Dennis shows that pciehp is unbound from
pci_remove_bus_device() instead of pci_stop_bus_device(). To understand
the significance of this, one needs to know that the PCI core uses a two
step process to remove a portion of the hierarchy: It first unbinds all
drivers in the sub-hierarchy in pci_stop_bus_device() and then actually
removes the devices in pci_remove_bus_device(). There is no precaution to
prevent driver binding in-between pci_stop_bus_device() and
pci_remove_bus_device().
In Dennis' case, it seems removal of the hierarchy by pciehp races with
driver binding by pci_bus_add_devices(). pciehp is bound to the
Downstream Port after pci_stop_bus_device() has run, so it is unbound by
pci_remove_bus_device() instead of pci_stop_bus_device(). Because the
pci_bus has already been destroyed at that point, accesses to it result in
a use-after-free.
One might conclude that driver binding needs to be prevented after
pci_stop_bus_device() has run. However it seems risky that pci_slot points
to pci_bus without holding a reference. Solely relying on correct ordering
of driver unbind versus pci_bus destruction is certainly not defensive
programming.
If pci_slot has a need to access data in pci_bus, it ought to acquire a
reference. Amend pci_create_slot() accordingly. Dennis reports that the
crash is not reproducible with this change.
Abridged stacktrace:
pcieport 0000:00:07.0: PME: Signaling with IRQ 156
pcieport 0000:00:07.0: pciehp: Slot #12 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+
pci_bus 0000:20: dev 00, created physical slot 12
pcieport 0000:00:07.0: pciehp: Slot(12): Card not present
...
pcieport 0000:21:02.0: pciehp: pcie_disable_notification: SLOTCTRL d8 write cmd 0
Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI
CPU: 13 UID: 0 PID: 134 Comm: irq/156-pciehp Not tainted 6.11.0-devel+ #1
RIP: 0010:dev_driver_string+0x12/0x40
pci_destroy_slot
pciehp_remove
pcie_port_remove_service
device_release_driver_internal
bus_remove_device
device_del
device_unregister
remove_iter
device_for_each_child
pcie_portdrv_remove
pci_device_remove
device_release_driver_internal
bus_remove_device
device_del
pci_remove_bus_device (recursive invocation)
pci_remove_bus_device
pciehp_unconfigure_device
pciehp_disable_slot
pciehp_handle_presence_or_link_change
pciehp_ist
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f46753c5e354b857b20ab8e0fe7b2579831dc369 , < 50473dd3b2a08601a078f852ea05572de9b1f86c
(git)
Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < d0ddd2c92b75a19a37c887154223372b600fed37 (git) Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < da6e6ff1f6c57f16e07af955e0e997fc90dd1e75 (git) Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < 41bbb1eb996be1435815aa1fbcc9ffc45b84cc12 (git) Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < 20502f0b3f3acd6bee300257556c27a867f80c8b (git) Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < e5d5c04aac71bf1476dc44b56f2206a4c2facca8 (git) Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < c8266ab8e7ccd1d1f5a9c8b29eb2020175048134 (git) Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < 69d2ceac11acf8579d58d55c9c5b65fb658f916e (git) Affected: f46753c5e354b857b20ab8e0fe7b2579831dc369 , < c7acef99642b763ba585f4a43af999fcdbcc3dc4 (git) |
|
| Linux | Linux |
Affected:
2.6.27
Unaffected: 0 , < 2.6.27 (semver) Unaffected: 4.19.325 , ≤ 4.19.* (semver) Unaffected: 5.4.287 , ≤ 5.4.* (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.64 , ≤ 6.6.* (semver) Unaffected: 6.11.11 , ≤ 6.11.* (semver) Unaffected: 6.12.2 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:43:25.841090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:45:26.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:47:25.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/slot.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "50473dd3b2a08601a078f852ea05572de9b1f86c",
"status": "affected",
"version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
"versionType": "git"
},
{
"lessThan": "d0ddd2c92b75a19a37c887154223372b600fed37",
"status": "affected",
"version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
"versionType": "git"
},
{
"lessThan": "da6e6ff1f6c57f16e07af955e0e997fc90dd1e75",
"status": "affected",
"version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
"versionType": "git"
},
{
"lessThan": "41bbb1eb996be1435815aa1fbcc9ffc45b84cc12",
"status": "affected",
"version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
"versionType": "git"
},
{
"lessThan": "20502f0b3f3acd6bee300257556c27a867f80c8b",
"status": "affected",
"version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
"versionType": "git"
},
{
"lessThan": "e5d5c04aac71bf1476dc44b56f2206a4c2facca8",
"status": "affected",
"version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
"versionType": "git"
},
{
"lessThan": "c8266ab8e7ccd1d1f5a9c8b29eb2020175048134",
"status": "affected",
"version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
"versionType": "git"
},
{
"lessThan": "69d2ceac11acf8579d58d55c9c5b65fb658f916e",
"status": "affected",
"version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
"versionType": "git"
},
{
"lessThan": "c7acef99642b763ba585f4a43af999fcdbcc3dc4",
"status": "affected",
"version": "f46753c5e354b857b20ab8e0fe7b2579831dc369",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/slot.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.325",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.325",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "2.6.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix use-after-free of slot-\u003ebus on hot remove\n\nDennis reports a boot crash on recent Lenovo laptops with a USB4 dock.\n\nSince commit 0fc70886569c (\"thunderbolt: Reset USB4 v2 host router\") and\ncommit 59a54c5f3dbd (\"thunderbolt: Reset topology created by the boot\nfirmware\"), USB4 v2 and v1 Host Routers are reset on probe of the\nthunderbolt driver.\n\nThe reset clears the Presence Detect State and Data Link Layer Link Active\nbits at the USB4 Host Router\u0027s Root Port and thus causes hot removal of the\ndock.\n\nThe crash occurs when pciehp is unbound from one of the dock\u0027s Downstream\nPorts: pciehp creates a pci_slot on bind and destroys it on unbind. The\npci_slot contains a pointer to the pci_bus below the Downstream Port, but\na reference on that pci_bus is never acquired. The pci_bus is destroyed\nbefore the pci_slot, so a use-after-free ensues when pci_slot_release()\naccesses slot-\u003ebus.\n\nIn principle this should not happen because pci_stop_bus_device() unbinds\npciehp (and therefore destroys the pci_slot) before the pci_bus is\ndestroyed by pci_remove_bus_device().\n\nHowever the stacktrace provided by Dennis shows that pciehp is unbound from\npci_remove_bus_device() instead of pci_stop_bus_device(). To understand\nthe significance of this, one needs to know that the PCI core uses a two\nstep process to remove a portion of the hierarchy: It first unbinds all\ndrivers in the sub-hierarchy in pci_stop_bus_device() and then actually\nremoves the devices in pci_remove_bus_device(). There is no precaution to\nprevent driver binding in-between pci_stop_bus_device() and\npci_remove_bus_device().\n\nIn Dennis\u0027 case, it seems removal of the hierarchy by pciehp races with\ndriver binding by pci_bus_add_devices(). pciehp is bound to the\nDownstream Port after pci_stop_bus_device() has run, so it is unbound by\npci_remove_bus_device() instead of pci_stop_bus_device(). Because the\npci_bus has already been destroyed at that point, accesses to it result in\na use-after-free.\n\nOne might conclude that driver binding needs to be prevented after\npci_stop_bus_device() has run. However it seems risky that pci_slot points\nto pci_bus without holding a reference. Solely relying on correct ordering\nof driver unbind versus pci_bus destruction is certainly not defensive\nprogramming.\n\nIf pci_slot has a need to access data in pci_bus, it ought to acquire a\nreference. Amend pci_create_slot() accordingly. Dennis reports that the\ncrash is not reproducible with this change.\n\nAbridged stacktrace:\n\n pcieport 0000:00:07.0: PME: Signaling with IRQ 156\n pcieport 0000:00:07.0: pciehp: Slot #12 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+\n pci_bus 0000:20: dev 00, created physical slot 12\n pcieport 0000:00:07.0: pciehp: Slot(12): Card not present\n ...\n pcieport 0000:21:02.0: pciehp: pcie_disable_notification: SLOTCTRL d8 write cmd 0\n Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 13 UID: 0 PID: 134 Comm: irq/156-pciehp Not tainted 6.11.0-devel+ #1\n RIP: 0010:dev_driver_string+0x12/0x40\n pci_destroy_slot\n pciehp_remove\n pcie_port_remove_service\n device_release_driver_internal\n bus_remove_device\n device_del\n device_unregister\n remove_iter\n device_for_each_child\n pcie_portdrv_remove\n pci_device_remove\n device_release_driver_internal\n bus_remove_device\n device_del\n pci_remove_bus_device (recursive invocation)\n pci_remove_bus_device\n pciehp_unconfigure_device\n pciehp_disable_slot\n pciehp_handle_presence_or_link_change\n pciehp_ist"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:52:39.806Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/50473dd3b2a08601a078f852ea05572de9b1f86c"
},
{
"url": "https://git.kernel.org/stable/c/d0ddd2c92b75a19a37c887154223372b600fed37"
},
{
"url": "https://git.kernel.org/stable/c/da6e6ff1f6c57f16e07af955e0e997fc90dd1e75"
},
{
"url": "https://git.kernel.org/stable/c/41bbb1eb996be1435815aa1fbcc9ffc45b84cc12"
},
{
"url": "https://git.kernel.org/stable/c/20502f0b3f3acd6bee300257556c27a867f80c8b"
},
{
"url": "https://git.kernel.org/stable/c/e5d5c04aac71bf1476dc44b56f2206a4c2facca8"
},
{
"url": "https://git.kernel.org/stable/c/c8266ab8e7ccd1d1f5a9c8b29eb2020175048134"
},
{
"url": "https://git.kernel.org/stable/c/69d2ceac11acf8579d58d55c9c5b65fb658f916e"
},
{
"url": "https://git.kernel.org/stable/c/c7acef99642b763ba585f4a43af999fcdbcc3dc4"
}
],
"title": "PCI: Fix use-after-free of slot-\u003ebus on hot remove",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53194",
"datePublished": "2024-12-27T13:49:36.534Z",
"dateReserved": "2024-11-19T17:17:25.014Z",
"dateUpdated": "2026-05-11T20:52:39.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53197 (GCVE-0-2024-53197)
Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2026-05-11 20:52
VLAI
EPSS
Title
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
A bogus device can provide a bNumConfigurations value that exceeds the
initial value used in usb_get_configuration for allocating dev->config.
This can lead to out-of-bounds accesses later, e.g. in
usb_destroy_configuration.
Severity
7.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
12 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0b4ea4bfe16566b84645ded1403756a2dc4e0f19
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9b8460a2a7ce478e0b625af7c56d444dc24190f7 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 62dc01c83fa71e10446ee4c31e0e3d5d1291e865 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9887d859cd60727432a01564e8f91302d361b72b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 920a369a9f014f10ec282fd298d0666129379f1b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b8f8b81dabe52b413fe9e062e8a852c48dd0680d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 379d3b9799d9da953391e973b934764f01e03960 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b909df18ce2a998afef81d58bbd1a05dc0788c40 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 4.19.325 , ≤ 4.19.* (semver) Unaffected: 5.4.287 , ≤ 5.4.* (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.64 , ≤ 6.6.* (semver) Unaffected: 6.11.11 , ≤ 6.11.* (semver) Unaffected: 6.12.2 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53197",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T18:17:11.337680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-04-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53197"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:33.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53197"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-09T00:00:00.000Z",
"value": "CVE-2024-53197 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:47:29.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/usb/quirks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0b4ea4bfe16566b84645ded1403756a2dc4e0f19",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9b8460a2a7ce478e0b625af7c56d444dc24190f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "62dc01c83fa71e10446ee4c31e0e3d5d1291e865",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9887d859cd60727432a01564e8f91302d361b72b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "920a369a9f014f10ec282fd298d0666129379f1b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b8f8b81dabe52b413fe9e062e8a852c48dd0680d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "379d3b9799d9da953391e973b934764f01e03960",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b909df18ce2a998afef81d58bbd1a05dc0788c40",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/usb/quirks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.325",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.325",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices\n\nA bogus device can provide a bNumConfigurations value that exceeds the\ninitial value used in usb_get_configuration for allocating dev-\u003econfig.\n\nThis can lead to out-of-bounds accesses later, e.g. in\nusb_destroy_configuration."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:52:43.330Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19"
},
{
"url": "https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7"
},
{
"url": "https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865"
},
{
"url": "https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b"
},
{
"url": "https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b"
},
{
"url": "https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d"
},
{
"url": "https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960"
},
{
"url": "https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca"
},
{
"url": "https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40"
}
],
"title": "ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53197",
"datePublished": "2024-12-27T13:49:39.260Z",
"dateReserved": "2024-11-19T17:17:25.015Z",
"dateUpdated": "2026-05-11T20:52:43.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53198 (GCVE-0-2024-53198)
Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2026-05-11 20:52
VLAI
EPSS
Title
xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
Summary
In the Linux kernel, the following vulnerability has been resolved:
xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
This patch fixes an issue in the function xenbus_dev_probe(). In the
xenbus_dev_probe() function, within the if (err) branch at line 313, the
program incorrectly returns err directly without releasing the resources
allocated by err = drv->probe(dev, id). As the return value is non-zero,
the upper layers assume the processing logic has failed. However, the probe
operation was performed earlier without a corresponding remove operation.
Since the probe actually allocates resources, failing to perform the remove
operation could lead to problems.
To fix this issue, we followed the resource release logic of the
xenbus_dev_remove() function by adding a new block fail_remove before the
fail_put block. After entering the branch if (err) at line 313, the
function will use a goto statement to jump to the fail_remove block,
ensuring that the previously acquired resources are correctly released,
thus preventing the reference count leak.
This bug was identified by an experimental static analysis tool developed
by our team. The tool specializes in analyzing reference count operations
and detecting potential issues where resources are not properly managed.
In this case, the tool flagged the missing release operation as a
potential problem, which led to the development of this patch.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4bac07c993d03434ea902d3d4290d9e45944b66c , < 87106169b4ce26f85561f953d13d1fd86d99b612
(git)
Affected: 4bac07c993d03434ea902d3d4290d9e45944b66c , < 0aa9e30b5b4af5dd504801689d6d84c584290a45 (git) Affected: 4bac07c993d03434ea902d3d4290d9e45944b66c , < e8823e6ff313465910edea07581627d85e68d9fd (git) Affected: 4bac07c993d03434ea902d3d4290d9e45944b66c , < 3fc0996d2fefe61219375fd650601724b8cf2d30 (git) Affected: 4bac07c993d03434ea902d3d4290d9e45944b66c , < 804b96f8d0a02fa10b92f28b2e042f9128ed3ffc (git) Affected: 4bac07c993d03434ea902d3d4290d9e45944b66c , < 217bdce88b104269b73603b84d0ab4dd04f481bc (git) Affected: 4bac07c993d03434ea902d3d4290d9e45944b66c , < 2f977a4c82d35d063f5fe198bbc501c4b1c5ea0e (git) Affected: 4bac07c993d03434ea902d3d4290d9e45944b66c , < afc545da381ba0c651b2658966ac737032676f01 (git) |
|
| Linux | Linux |
Affected:
2.6.23
Unaffected: 0 , < 2.6.23 (semver) Unaffected: 5.4.287 , ≤ 5.4.* (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.64 , ≤ 6.6.* (semver) Unaffected: 6.11.11 , ≤ 6.11.* (semver) Unaffected: 6.12.2 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:04:00.609421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:07:20.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:47:32.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/xen/xenbus/xenbus_probe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "87106169b4ce26f85561f953d13d1fd86d99b612",
"status": "affected",
"version": "4bac07c993d03434ea902d3d4290d9e45944b66c",
"versionType": "git"
},
{
"lessThan": "0aa9e30b5b4af5dd504801689d6d84c584290a45",
"status": "affected",
"version": "4bac07c993d03434ea902d3d4290d9e45944b66c",
"versionType": "git"
},
{
"lessThan": "e8823e6ff313465910edea07581627d85e68d9fd",
"status": "affected",
"version": "4bac07c993d03434ea902d3d4290d9e45944b66c",
"versionType": "git"
},
{
"lessThan": "3fc0996d2fefe61219375fd650601724b8cf2d30",
"status": "affected",
"version": "4bac07c993d03434ea902d3d4290d9e45944b66c",
"versionType": "git"
},
{
"lessThan": "804b96f8d0a02fa10b92f28b2e042f9128ed3ffc",
"status": "affected",
"version": "4bac07c993d03434ea902d3d4290d9e45944b66c",
"versionType": "git"
},
{
"lessThan": "217bdce88b104269b73603b84d0ab4dd04f481bc",
"status": "affected",
"version": "4bac07c993d03434ea902d3d4290d9e45944b66c",
"versionType": "git"
},
{
"lessThan": "2f977a4c82d35d063f5fe198bbc501c4b1c5ea0e",
"status": "affected",
"version": "4bac07c993d03434ea902d3d4290d9e45944b66c",
"versionType": "git"
},
{
"lessThan": "afc545da381ba0c651b2658966ac737032676f01",
"status": "affected",
"version": "4bac07c993d03434ea902d3d4290d9e45944b66c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/xen/xenbus/xenbus_probe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: Fix the issue of resource not being properly released in xenbus_dev_probe()\n\nThis patch fixes an issue in the function xenbus_dev_probe(). In the\nxenbus_dev_probe() function, within the if (err) branch at line 313, the\nprogram incorrectly returns err directly without releasing the resources\nallocated by err = drv-\u003eprobe(dev, id). As the return value is non-zero,\nthe upper layers assume the processing logic has failed. However, the probe\noperation was performed earlier without a corresponding remove operation.\nSince the probe actually allocates resources, failing to perform the remove\noperation could lead to problems.\n\nTo fix this issue, we followed the resource release logic of the\nxenbus_dev_remove() function by adding a new block fail_remove before the\nfail_put block. After entering the branch if (err) at line 313, the\nfunction will use a goto statement to jump to the fail_remove block,\nensuring that the previously acquired resources are correctly released,\nthus preventing the reference count leak.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand detecting potential issues where resources are not properly managed.\nIn this case, the tool flagged the missing release operation as a\npotential problem, which led to the development of this patch."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:52:44.523Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/87106169b4ce26f85561f953d13d1fd86d99b612"
},
{
"url": "https://git.kernel.org/stable/c/0aa9e30b5b4af5dd504801689d6d84c584290a45"
},
{
"url": "https://git.kernel.org/stable/c/e8823e6ff313465910edea07581627d85e68d9fd"
},
{
"url": "https://git.kernel.org/stable/c/3fc0996d2fefe61219375fd650601724b8cf2d30"
},
{
"url": "https://git.kernel.org/stable/c/804b96f8d0a02fa10b92f28b2e042f9128ed3ffc"
},
{
"url": "https://git.kernel.org/stable/c/217bdce88b104269b73603b84d0ab4dd04f481bc"
},
{
"url": "https://git.kernel.org/stable/c/2f977a4c82d35d063f5fe198bbc501c4b1c5ea0e"
},
{
"url": "https://git.kernel.org/stable/c/afc545da381ba0c651b2658966ac737032676f01"
}
],
"title": "xen: Fix the issue of resource not being properly released in xenbus_dev_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53198",
"datePublished": "2024-12-27T13:49:40.339Z",
"dateReserved": "2024-11-19T17:17:25.015Z",
"dateUpdated": "2026-05-11T20:52:44.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53206 (GCVE-0-2024-53206)
Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2026-05-23 15:55
VLAI
EPSS
Title
tcp: Fix use-after-free of nreq in reqsk_timer_handler().
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix use-after-free of nreq in reqsk_timer_handler().
The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with
__inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler().
Then, oreq should be passed to reqsk_put() instead of req; otherwise
use-after-free of nreq could happen when reqsk is migrated but the
retry attempt failed (e.g. due to timeout).
Let's pass oreq to reqsk_put().
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8459d61fbf24967839a70235165673148c7c7f17 , < 2dcc86fefe09ac853158afd96b60d544af115dc5
(git)
Affected: 5071beb59ee416e8ab456ac8647a4dabcda823b1 , < 9a3c1ad93e6fba67b3a637cfa95a57a6685e4908 (git) Affected: 997ae8da14f1639ce6fb66a063dab54031cd61b3 , < 65ed89cad1f57034c256b016e89e8c0a4ec7c65b (git) Affected: 51e34db64f4e43c7b055ccf881b7f3e0c31bb26d , < d0eb14cb8c08b00c36a3d5dc57a6f428b301f721 (git) Affected: e8c526f2bdf1845bedaf6a478816a3d06fa78b8f , < 6d845028609a4af0ad66f499ee0bd5789122b067 (git) Affected: e8c526f2bdf1845bedaf6a478816a3d06fa78b8f , < c31e72d021db2714df03df6c42855a1db592716c (git) Affected: 106e457953315e476b3642ef24be25ed862aaba3 (git) Affected: c964bf65f80a14288d767023a1b300b30f5b9cd0 (git) Affected: 5.15.170 , < 5.15.174 (semver) Affected: 6.1.115 , < 6.1.120 (semver) Affected: 6.6.59 , < 6.6.64 (semver) Affected: 6.11.6 , < 6.11.11 (semver) Affected: 5.4.293 , < 5.5 (semver) Affected: 5.10.237 , < 5.11 (semver) |
|
| Linux | Linux |
Affected:
6.12
Unaffected: 0 , < 6.12 (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.64 , ≤ 6.6.* (semver) Unaffected: 6.11.11 , ≤ 6.11.* (semver) Unaffected: 6.12.2 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:43:21.588054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:45:26.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:47:34.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/inet_connection_sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2dcc86fefe09ac853158afd96b60d544af115dc5",
"status": "affected",
"version": "8459d61fbf24967839a70235165673148c7c7f17",
"versionType": "git"
},
{
"lessThan": "9a3c1ad93e6fba67b3a637cfa95a57a6685e4908",
"status": "affected",
"version": "5071beb59ee416e8ab456ac8647a4dabcda823b1",
"versionType": "git"
},
{
"lessThan": "65ed89cad1f57034c256b016e89e8c0a4ec7c65b",
"status": "affected",
"version": "997ae8da14f1639ce6fb66a063dab54031cd61b3",
"versionType": "git"
},
{
"lessThan": "d0eb14cb8c08b00c36a3d5dc57a6f428b301f721",
"status": "affected",
"version": "51e34db64f4e43c7b055ccf881b7f3e0c31bb26d",
"versionType": "git"
},
{
"lessThan": "6d845028609a4af0ad66f499ee0bd5789122b067",
"status": "affected",
"version": "e8c526f2bdf1845bedaf6a478816a3d06fa78b8f",
"versionType": "git"
},
{
"lessThan": "c31e72d021db2714df03df6c42855a1db592716c",
"status": "affected",
"version": "e8c526f2bdf1845bedaf6a478816a3d06fa78b8f",
"versionType": "git"
},
{
"status": "affected",
"version": "106e457953315e476b3642ef24be25ed862aaba3",
"versionType": "git"
},
{
"status": "affected",
"version": "c964bf65f80a14288d767023a1b300b30f5b9cd0",
"versionType": "git"
},
{
"lessThan": "5.15.174",
"status": "affected",
"version": "5.15.170",
"versionType": "semver"
},
{
"lessThan": "6.1.120",
"status": "affected",
"version": "6.1.115",
"versionType": "semver"
},
{
"lessThan": "6.6.64",
"status": "affected",
"version": "6.6.59",
"versionType": "semver"
},
{
"lessThan": "6.11.11",
"status": "affected",
"version": "6.11.6",
"versionType": "semver"
},
{
"lessThan": "5.5",
"status": "affected",
"version": "5.4.293",
"versionType": "semver"
},
{
"lessThan": "5.11",
"status": "affected",
"version": "5.10.237",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/inet_connection_sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "5.15.170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "6.1.115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "6.6.59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "6.11.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.237",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix use-after-free of nreq in reqsk_timer_handler().\n\nThe cited commit replaced inet_csk_reqsk_queue_drop_and_put() with\n__inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler().\n\nThen, oreq should be passed to reqsk_put() instead of req; otherwise\nuse-after-free of nreq could happen when reqsk is migrated but the\nretry attempt failed (e.g. due to timeout).\n\nLet\u0027s pass oreq to reqsk_put()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:55:23.925Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2dcc86fefe09ac853158afd96b60d544af115dc5"
},
{
"url": "https://git.kernel.org/stable/c/9a3c1ad93e6fba67b3a637cfa95a57a6685e4908"
},
{
"url": "https://git.kernel.org/stable/c/65ed89cad1f57034c256b016e89e8c0a4ec7c65b"
},
{
"url": "https://git.kernel.org/stable/c/d0eb14cb8c08b00c36a3d5dc57a6f428b301f721"
},
{
"url": "https://git.kernel.org/stable/c/6d845028609a4af0ad66f499ee0bd5789122b067"
},
{
"url": "https://git.kernel.org/stable/c/c31e72d021db2714df03df6c42855a1db592716c"
}
],
"title": "tcp: Fix use-after-free of nreq in reqsk_timer_handler().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53206",
"datePublished": "2024-12-27T13:49:52.131Z",
"dateReserved": "2024-11-19T17:17:25.019Z",
"dateUpdated": "2026-05-23T15:55:23.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53214 (GCVE-0-2024-53214)
Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2026-05-11 20:53
VLAI
EPSS
Title
vfio/pci: Properly hide first-in-list PCIe extended capability
Summary
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Properly hide first-in-list PCIe extended capability
There are cases where a PCIe extended capability should be hidden from
the user. For example, an unknown capability (i.e., capability with ID
greater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally
chosen to be hidden from the user.
Hiding a capability is done by virtualizing and modifying the 'Next
Capability Offset' field of the previous capability so it points to the
capability after the one that should be hidden.
The special case where the first capability in the list should be hidden
is handled differently because there is no previous capability that can
be modified. In this case, the capability ID and version are zeroed
while leaving the next pointer intact. This hides the capability and
leaves an anchor for the rest of the capability list.
However, today, hiding the first capability in the list is not done
properly if the capability is unknown, as struct
vfio_pci_core_device->pci_config_map is set to the capability ID during
initialization but the capability ID is not properly checked later when
used in vfio_config_do_rw(). This leads to the following warning [1] and
to an out-of-bounds access to ecap_perms array.
Fix it by checking cap_id in vfio_config_do_rw(), and if it is greater
than PCI_EXT_CAP_ID_MAX, use an alternative struct perm_bits for direct
read only access instead of the ecap_perms array.
Note that this is safe since the above is the only case where cap_id can
exceed PCI_EXT_CAP_ID_MAX (except for the special capabilities, which
are already checked before).
[1]
WARNING: CPU: 118 PID: 5329 at drivers/vfio/pci/vfio_pci_config.c:1900 vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]
CPU: 118 UID: 0 PID: 5329 Comm: simx-qemu-syste Not tainted 6.12.0+ #1
(snip)
Call Trace:
<TASK>
? show_regs+0x69/0x80
? __warn+0x8d/0x140
? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]
? report_bug+0x18f/0x1a0
? handle_bug+0x63/0xa0
? exc_invalid_op+0x19/0x70
? asm_exc_invalid_op+0x1b/0x20
? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]
? vfio_pci_config_rw+0x244/0x430 [vfio_pci_core]
vfio_pci_rw+0x101/0x1b0 [vfio_pci_core]
vfio_pci_core_read+0x1d/0x30 [vfio_pci_core]
vfio_device_fops_read+0x27/0x40 [vfio]
vfs_read+0xbd/0x340
? vfio_device_fops_unl_ioctl+0xbb/0x740 [vfio]
? __rseq_handle_notify_resume+0xa4/0x4b0
__x64_sys_pread64+0x96/0xc0
x64_sys_call+0x1c3d/0x20d0
do_syscall_64+0x4d/0x120
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 4464e5aa3aa4574063640f1082f7d7e323af8eb4
(git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 7d121f66b67921fb3b95e0ea9856bfba53733e91 (git) Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 0918f5643fc6c3f7801f4a22397d2cc09ba99207 (git) Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 9567bd34aa3b986736c290c5bcba47e0182ac47a (git) Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 6c6502d944168cbd7e03a4a08ad6488f78d73485 (git) Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 06f2fcf49854ad05a09d09e0dbee6544fff04695 (git) Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 949bee8065a85a5c6607c624dc05b5bc17119699 (git) Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 1ef195178fb552478eb2587df4ad3be14ef76507 (git) Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < fe4bf8d0b6716a423b16495d55b35d3fe515905d (git) |
|
| Linux | Linux |
Affected:
3.6
Unaffected: 0 , < 3.6 (semver) Unaffected: 4.19.325 , ≤ 4.19.* (semver) Unaffected: 5.4.287 , ≤ 5.4.* (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.64 , ≤ 6.6.* (semver) Unaffected: 6.11.11 , ≤ 6.11.* (semver) Unaffected: 6.12.2 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:03:33.423876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:07:19.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:47:42.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4464e5aa3aa4574063640f1082f7d7e323af8eb4",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "7d121f66b67921fb3b95e0ea9856bfba53733e91",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "0918f5643fc6c3f7801f4a22397d2cc09ba99207",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "9567bd34aa3b986736c290c5bcba47e0182ac47a",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "6c6502d944168cbd7e03a4a08ad6488f78d73485",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "06f2fcf49854ad05a09d09e0dbee6544fff04695",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "949bee8065a85a5c6607c624dc05b5bc17119699",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "1ef195178fb552478eb2587df4ad3be14ef76507",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
},
{
"lessThan": "fe4bf8d0b6716a423b16495d55b35d3fe515905d",
"status": "affected",
"version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/pci/vfio_pci_config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.325",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.325",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Properly hide first-in-list PCIe extended capability\n\nThere are cases where a PCIe extended capability should be hidden from\nthe user. For example, an unknown capability (i.e., capability with ID\ngreater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally\nchosen to be hidden from the user.\n\nHiding a capability is done by virtualizing and modifying the \u0027Next\nCapability Offset\u0027 field of the previous capability so it points to the\ncapability after the one that should be hidden.\n\nThe special case where the first capability in the list should be hidden\nis handled differently because there is no previous capability that can\nbe modified. In this case, the capability ID and version are zeroed\nwhile leaving the next pointer intact. This hides the capability and\nleaves an anchor for the rest of the capability list.\n\nHowever, today, hiding the first capability in the list is not done\nproperly if the capability is unknown, as struct\nvfio_pci_core_device-\u003epci_config_map is set to the capability ID during\ninitialization but the capability ID is not properly checked later when\nused in vfio_config_do_rw(). This leads to the following warning [1] and\nto an out-of-bounds access to ecap_perms array.\n\nFix it by checking cap_id in vfio_config_do_rw(), and if it is greater\nthan PCI_EXT_CAP_ID_MAX, use an alternative struct perm_bits for direct\nread only access instead of the ecap_perms array.\n\nNote that this is safe since the above is the only case where cap_id can\nexceed PCI_EXT_CAP_ID_MAX (except for the special capabilities, which\nare already checked before).\n\n[1]\n\nWARNING: CPU: 118 PID: 5329 at drivers/vfio/pci/vfio_pci_config.c:1900 vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\nCPU: 118 UID: 0 PID: 5329 Comm: simx-qemu-syste Not tainted 6.12.0+ #1\n(snip)\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x69/0x80\n ? __warn+0x8d/0x140\n ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\n ? report_bug+0x18f/0x1a0\n ? handle_bug+0x63/0xa0\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\n ? vfio_pci_config_rw+0x244/0x430 [vfio_pci_core]\n vfio_pci_rw+0x101/0x1b0 [vfio_pci_core]\n vfio_pci_core_read+0x1d/0x30 [vfio_pci_core]\n vfio_device_fops_read+0x27/0x40 [vfio]\n vfs_read+0xbd/0x340\n ? vfio_device_fops_unl_ioctl+0xbb/0x740 [vfio]\n ? __rseq_handle_notify_resume+0xa4/0x4b0\n __x64_sys_pread64+0x96/0xc0\n x64_sys_call+0x1c3d/0x20d0\n do_syscall_64+0x4d/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:53:03.255Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4464e5aa3aa4574063640f1082f7d7e323af8eb4"
},
{
"url": "https://git.kernel.org/stable/c/7d121f66b67921fb3b95e0ea9856bfba53733e91"
},
{
"url": "https://git.kernel.org/stable/c/0918f5643fc6c3f7801f4a22397d2cc09ba99207"
},
{
"url": "https://git.kernel.org/stable/c/9567bd34aa3b986736c290c5bcba47e0182ac47a"
},
{
"url": "https://git.kernel.org/stable/c/6c6502d944168cbd7e03a4a08ad6488f78d73485"
},
{
"url": "https://git.kernel.org/stable/c/06f2fcf49854ad05a09d09e0dbee6544fff04695"
},
{
"url": "https://git.kernel.org/stable/c/949bee8065a85a5c6607c624dc05b5bc17119699"
},
{
"url": "https://git.kernel.org/stable/c/1ef195178fb552478eb2587df4ad3be14ef76507"
},
{
"url": "https://git.kernel.org/stable/c/fe4bf8d0b6716a423b16495d55b35d3fe515905d"
}
],
"title": "vfio/pci: Properly hide first-in-list PCIe extended capability",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53214",
"datePublished": "2024-12-27T13:49:59.555Z",
"dateReserved": "2024-11-19T17:17:25.023Z",
"dateUpdated": "2026-05-11T20:53:03.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53215 (GCVE-0-2024-53215)
Vulnerability from cvelistv5 – Published: 2024-12-27 13:50 – Updated: 2026-05-11 20:53
VLAI
EPSS
Title
svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
Summary
In the Linux kernel, the following vulnerability has been resolved:
svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
There's issue as follows:
RPC: Registered rdma transport module.
RPC: Registered rdma backchannel transport module.
RPC: Unregistered rdma transport module.
RPC: Unregistered rdma backchannel transport module.
BUG: unable to handle page fault for address: fffffbfff80c609a
PGD 123fee067 P4D 123fee067 PUD 123fea067 PMD 10c624067 PTE 0
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
RIP: 0010:percpu_counter_destroy_many+0xf7/0x2a0
Call Trace:
<TASK>
__die+0x1f/0x70
page_fault_oops+0x2cd/0x860
spurious_kernel_fault+0x36/0x450
do_kern_addr_fault+0xca/0x100
exc_page_fault+0x128/0x150
asm_exc_page_fault+0x26/0x30
percpu_counter_destroy_many+0xf7/0x2a0
mmdrop+0x209/0x350
finish_task_switch.isra.0+0x481/0x840
schedule_tail+0xe/0xd0
ret_from_fork+0x23/0x80
ret_from_fork_asm+0x1a/0x30
</TASK>
If register_sysctl() return NULL, then svc_rdma_proc_cleanup() will not
destroy the percpu counters which init in svc_rdma_proc_init().
If CONFIG_HOTPLUG_CPU is enabled, residual nodes may be in the
'percpu_counters' list. The above issue may occur once the module is
removed. If the CONFIG_HOTPLUG_CPU configuration is not enabled, memory
leakage occurs.
To solve above issue just destroy all percpu counters when
register_sysctl() return NULL.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
df971cd853c05778ae1175e8aeb80a04bb9d4be5 , < a12c897adf40b6e2b4a56e6912380c31bd7b2479
(git)
Affected: df971cd853c05778ae1175e8aeb80a04bb9d4be5 , < 94d2d6d398706ab7218a26d61e12919c4b498e09 (git) Affected: df971cd853c05778ae1175e8aeb80a04bb9d4be5 , < 1c9a99c89e45b22eb556fd2f3f729f2683f247d5 (git) Affected: df971cd853c05778ae1175e8aeb80a04bb9d4be5 , < ebf47215d46992caea660ec01cd618005d9e687a (git) Affected: df971cd853c05778ae1175e8aeb80a04bb9d4be5 , < 20322edcbad82a60321a8615a99ca73a9611115f (git) Affected: df971cd853c05778ae1175e8aeb80a04bb9d4be5 , < ce89e742a4c12b20f09a43fec1b21db33f2166cd (git) |
|
| Linux | Linux |
Affected:
5.12
Unaffected: 0 , < 5.12 (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.64 , ≤ 6.6.* (semver) Unaffected: 6.11.11 , ≤ 6.11.* (semver) Unaffected: 6.12.2 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:03:29.887526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:07:19.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:47:43.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtrdma/svc_rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a12c897adf40b6e2b4a56e6912380c31bd7b2479",
"status": "affected",
"version": "df971cd853c05778ae1175e8aeb80a04bb9d4be5",
"versionType": "git"
},
{
"lessThan": "94d2d6d398706ab7218a26d61e12919c4b498e09",
"status": "affected",
"version": "df971cd853c05778ae1175e8aeb80a04bb9d4be5",
"versionType": "git"
},
{
"lessThan": "1c9a99c89e45b22eb556fd2f3f729f2683f247d5",
"status": "affected",
"version": "df971cd853c05778ae1175e8aeb80a04bb9d4be5",
"versionType": "git"
},
{
"lessThan": "ebf47215d46992caea660ec01cd618005d9e687a",
"status": "affected",
"version": "df971cd853c05778ae1175e8aeb80a04bb9d4be5",
"versionType": "git"
},
{
"lessThan": "20322edcbad82a60321a8615a99ca73a9611115f",
"status": "affected",
"version": "df971cd853c05778ae1175e8aeb80a04bb9d4be5",
"versionType": "git"
},
{
"lessThan": "ce89e742a4c12b20f09a43fec1b21db33f2166cd",
"status": "affected",
"version": "df971cd853c05778ae1175e8aeb80a04bb9d4be5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtrdma/svc_rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsvcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()\n\nThere\u0027s issue as follows:\nRPC: Registered rdma transport module.\nRPC: Registered rdma backchannel transport module.\nRPC: Unregistered rdma transport module.\nRPC: Unregistered rdma backchannel transport module.\nBUG: unable to handle page fault for address: fffffbfff80c609a\nPGD 123fee067 P4D 123fee067 PUD 123fea067 PMD 10c624067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI\nRIP: 0010:percpu_counter_destroy_many+0xf7/0x2a0\nCall Trace:\n \u003cTASK\u003e\n __die+0x1f/0x70\n page_fault_oops+0x2cd/0x860\n spurious_kernel_fault+0x36/0x450\n do_kern_addr_fault+0xca/0x100\n exc_page_fault+0x128/0x150\n asm_exc_page_fault+0x26/0x30\n percpu_counter_destroy_many+0xf7/0x2a0\n mmdrop+0x209/0x350\n finish_task_switch.isra.0+0x481/0x840\n schedule_tail+0xe/0xd0\n ret_from_fork+0x23/0x80\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nIf register_sysctl() return NULL, then svc_rdma_proc_cleanup() will not\ndestroy the percpu counters which init in svc_rdma_proc_init().\nIf CONFIG_HOTPLUG_CPU is enabled, residual nodes may be in the\n\u0027percpu_counters\u0027 list. The above issue may occur once the module is\nremoved. If the CONFIG_HOTPLUG_CPU configuration is not enabled, memory\nleakage occurs.\nTo solve above issue just destroy all percpu counters when\nregister_sysctl() return NULL."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:53:04.457Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a12c897adf40b6e2b4a56e6912380c31bd7b2479"
},
{
"url": "https://git.kernel.org/stable/c/94d2d6d398706ab7218a26d61e12919c4b498e09"
},
{
"url": "https://git.kernel.org/stable/c/1c9a99c89e45b22eb556fd2f3f729f2683f247d5"
},
{
"url": "https://git.kernel.org/stable/c/ebf47215d46992caea660ec01cd618005d9e687a"
},
{
"url": "https://git.kernel.org/stable/c/20322edcbad82a60321a8615a99ca73a9611115f"
},
{
"url": "https://git.kernel.org/stable/c/ce89e742a4c12b20f09a43fec1b21db33f2166cd"
}
],
"title": "svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53215",
"datePublished": "2024-12-27T13:50:00.688Z",
"dateReserved": "2024-11-19T17:17:25.023Z",
"dateUpdated": "2026-05-11T20:53:04.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53217 (GCVE-0-2024-53217)
Vulnerability from cvelistv5 – Published: 2024-12-27 13:50 – Updated: 2026-05-11 20:53
VLAI
EPSS
Title
NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
@ses is initialized to NULL. If __nfsd4_find_backchannel() finds no
available backchannel session, setup_callback_client() will try to
dereference @ses and segfault.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < d9a0d1f6e15859ea7a86a327f28491e23deaaa62
(git)
Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < cac1405e3ff6685a438e910ad719e0cf06af90ee (git) Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < 752a75811f27300fe8131b0a1efc91960f6f88e7 (git) Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < c5d90f9302742985a5078e42ac38de42c364c44a (git) Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < 0c3b0e326f838787d229314d4de83af9c53347e8 (git) Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < eb51733ae5fc73d95bd857d5da26f9f65b202a79 (git) Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < 03178cd8f67227015debb700123987fe96275cd1 (git) Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < 4a4ffc1aa9d618e41ad9151f40966e402e58a5a2 (git) Affected: dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 , < 1e02c641c3a43c88cecc08402000418e15578d38 (git) |
|
| Linux | Linux |
Affected:
2.6.38
Unaffected: 0 , < 2.6.38 (semver) Unaffected: 4.19.325 , ≤ 4.19.* (semver) Unaffected: 5.4.287 , ≤ 5.4.* (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.64 , ≤ 6.6.* (semver) Unaffected: 6.11.11 , ≤ 6.11.* (semver) Unaffected: 6.12.2 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:03:26.697178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:07:19.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:47:47.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4callback.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d9a0d1f6e15859ea7a86a327f28491e23deaaa62",
"status": "affected",
"version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
"versionType": "git"
},
{
"lessThan": "cac1405e3ff6685a438e910ad719e0cf06af90ee",
"status": "affected",
"version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
"versionType": "git"
},
{
"lessThan": "752a75811f27300fe8131b0a1efc91960f6f88e7",
"status": "affected",
"version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
"versionType": "git"
},
{
"lessThan": "c5d90f9302742985a5078e42ac38de42c364c44a",
"status": "affected",
"version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
"versionType": "git"
},
{
"lessThan": "0c3b0e326f838787d229314d4de83af9c53347e8",
"status": "affected",
"version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
"versionType": "git"
},
{
"lessThan": "eb51733ae5fc73d95bd857d5da26f9f65b202a79",
"status": "affected",
"version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
"versionType": "git"
},
{
"lessThan": "03178cd8f67227015debb700123987fe96275cd1",
"status": "affected",
"version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
"versionType": "git"
},
{
"lessThan": "4a4ffc1aa9d618e41ad9151f40966e402e58a5a2",
"status": "affected",
"version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
"versionType": "git"
},
{
"lessThan": "1e02c641c3a43c88cecc08402000418e15578d38",
"status": "affected",
"version": "dcbeaa68dbbdacbbb330a86c7fc95a28473fc209",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4callback.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.325",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.325",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Prevent NULL dereference in nfsd4_process_cb_update()\n\n@ses is initialized to NULL. If __nfsd4_find_backchannel() finds no\navailable backchannel session, setup_callback_client() will try to\ndereference @ses and segfault."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:53:06.802Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d9a0d1f6e15859ea7a86a327f28491e23deaaa62"
},
{
"url": "https://git.kernel.org/stable/c/cac1405e3ff6685a438e910ad719e0cf06af90ee"
},
{
"url": "https://git.kernel.org/stable/c/752a75811f27300fe8131b0a1efc91960f6f88e7"
},
{
"url": "https://git.kernel.org/stable/c/c5d90f9302742985a5078e42ac38de42c364c44a"
},
{
"url": "https://git.kernel.org/stable/c/0c3b0e326f838787d229314d4de83af9c53347e8"
},
{
"url": "https://git.kernel.org/stable/c/eb51733ae5fc73d95bd857d5da26f9f65b202a79"
},
{
"url": "https://git.kernel.org/stable/c/03178cd8f67227015debb700123987fe96275cd1"
},
{
"url": "https://git.kernel.org/stable/c/4a4ffc1aa9d618e41ad9151f40966e402e58a5a2"
},
{
"url": "https://git.kernel.org/stable/c/1e02c641c3a43c88cecc08402000418e15578d38"
}
],
"title": "NFSD: Prevent NULL dereference in nfsd4_process_cb_update()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53217",
"datePublished": "2024-12-27T13:50:02.727Z",
"dateReserved": "2024-11-19T17:17:25.024Z",
"dateUpdated": "2026-05-11T20:53:06.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53226 (GCVE-0-2024-53226)
Vulnerability from cvelistv5 – Published: 2024-12-27 13:50 – Updated: 2026-05-23 15:55
VLAI
EPSS
Title
RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
ib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.
The driver needs to check whether it is a NULL pointer before
dereferencing it.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
edc2dee07ab4ae2188b9780c453a64032162a5a0 , < bd715e191d444992d6ed124f15856da5c1cae2de
(git)
Affected: 3c301b8a046b57e3de14c6fc669d81dcb71bb5b5 , < 35f5b68f63aac61d30ce0b0c6beb09b8845a3e65 (git) Affected: 5a13652ac34be9b60feec89835763574825a8905 , < 52617e76f4963644db71dc0a17e998654dc0c7f4 (git) Affected: 4d480e45cb7fffb9d9b49924469c1f458068080a , < 6b0d7d6e6883d0ec70cd7b5a02c47c003d5defe7 (git) Affected: d387d4b54eb84208bd4ca13572e106851d0a0819 , < 71becb0e9df78a8d43dfd0efcef18c830a0af477 (git) Affected: d387d4b54eb84208bd4ca13572e106851d0a0819 , < 8c269bb2cc666ca580271e1a8136c63ac9162e1e (git) Affected: d387d4b54eb84208bd4ca13572e106851d0a0819 , < 6b526d17eed850352d880b93b9bf20b93006bd92 (git) Affected: ecdf900a5a3372bc0208e0701a116f112eb6039c (git) Affected: 5.10.224 , < 5.10.231 (semver) Affected: 5.15.165 , < 5.15.174 (semver) Affected: 6.1.103 , < 6.1.120 (semver) Affected: 6.6.44 , < 6.6.64 (semver) Affected: 6.10.3 , < 6.11 (semver) |
|
| Linux | Linux |
Affected:
6.11
Unaffected: 0 , < 6.11 (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.64 , ≤ 6.6.* (semver) Unaffected: 6.11.11 , ≤ 6.11.* (semver) Unaffected: 6.12.2 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:03:16.988546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:07:18.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:47:51.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_mr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bd715e191d444992d6ed124f15856da5c1cae2de",
"status": "affected",
"version": "edc2dee07ab4ae2188b9780c453a64032162a5a0",
"versionType": "git"
},
{
"lessThan": "35f5b68f63aac61d30ce0b0c6beb09b8845a3e65",
"status": "affected",
"version": "3c301b8a046b57e3de14c6fc669d81dcb71bb5b5",
"versionType": "git"
},
{
"lessThan": "52617e76f4963644db71dc0a17e998654dc0c7f4",
"status": "affected",
"version": "5a13652ac34be9b60feec89835763574825a8905",
"versionType": "git"
},
{
"lessThan": "6b0d7d6e6883d0ec70cd7b5a02c47c003d5defe7",
"status": "affected",
"version": "4d480e45cb7fffb9d9b49924469c1f458068080a",
"versionType": "git"
},
{
"lessThan": "71becb0e9df78a8d43dfd0efcef18c830a0af477",
"status": "affected",
"version": "d387d4b54eb84208bd4ca13572e106851d0a0819",
"versionType": "git"
},
{
"lessThan": "8c269bb2cc666ca580271e1a8136c63ac9162e1e",
"status": "affected",
"version": "d387d4b54eb84208bd4ca13572e106851d0a0819",
"versionType": "git"
},
{
"lessThan": "6b526d17eed850352d880b93b9bf20b93006bd92",
"status": "affected",
"version": "d387d4b54eb84208bd4ca13572e106851d0a0819",
"versionType": "git"
},
{
"status": "affected",
"version": "ecdf900a5a3372bc0208e0701a116f112eb6039c",
"versionType": "git"
},
{
"lessThan": "5.10.231",
"status": "affected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThan": "5.15.174",
"status": "affected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThan": "6.1.120",
"status": "affected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThan": "6.6.64",
"status": "affected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThan": "6.11",
"status": "affected",
"version": "6.10.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hns/hns_roce_mr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.11"
},
{
"lessThan": "6.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "5.10.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "5.15.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "6.1.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "6.6.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:55:28.333Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bd715e191d444992d6ed124f15856da5c1cae2de"
},
{
"url": "https://git.kernel.org/stable/c/35f5b68f63aac61d30ce0b0c6beb09b8845a3e65"
},
{
"url": "https://git.kernel.org/stable/c/52617e76f4963644db71dc0a17e998654dc0c7f4"
},
{
"url": "https://git.kernel.org/stable/c/6b0d7d6e6883d0ec70cd7b5a02c47c003d5defe7"
},
{
"url": "https://git.kernel.org/stable/c/71becb0e9df78a8d43dfd0efcef18c830a0af477"
},
{
"url": "https://git.kernel.org/stable/c/8c269bb2cc666ca580271e1a8136c63ac9162e1e"
},
{
"url": "https://git.kernel.org/stable/c/6b526d17eed850352d880b93b9bf20b93006bd92"
}
],
"title": "RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53226",
"datePublished": "2024-12-27T13:50:15.488Z",
"dateReserved": "2024-11-19T17:17:25.025Z",
"dateUpdated": "2026-05-23T15:55:28.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53227 (GCVE-0-2024-53227)
Vulnerability from cvelistv5 – Published: 2024-12-27 13:50 – Updated: 2026-05-11 20:53
VLAI
EPSS
Title
scsi: bfa: Fix use-after-free in bfad_im_module_exit()
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: bfa: Fix use-after-free in bfad_im_module_exit()
BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20
Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303
Call Trace:
<TASK>
dump_stack_lvl+0x95/0xe0
print_report+0xcb/0x620
kasan_report+0xbd/0xf0
__lock_acquire+0x2aca/0x3a20
lock_acquire+0x19b/0x520
_raw_spin_lock+0x2b/0x40
attribute_container_unregister+0x30/0x160
fc_release_transport+0x19/0x90 [scsi_transport_fc]
bfad_im_module_exit+0x23/0x60 [bfa]
bfad_init+0xdb/0xff0 [bfa]
do_one_initcall+0xdc/0x550
do_init_module+0x22d/0x6b0
load_module+0x4e96/0x5ff0
init_module_from_file+0xcd/0x130
idempotent_init_module+0x330/0x620
__x64_sys_finit_module+0xb3/0x110
do_syscall_64+0xc1/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
Allocated by task 25303:
kasan_save_stack+0x24/0x50
kasan_save_track+0x14/0x30
__kasan_kmalloc+0x7f/0x90
fc_attach_transport+0x4f/0x4740 [scsi_transport_fc]
bfad_im_module_init+0x17/0x80 [bfa]
bfad_init+0x23/0xff0 [bfa]
do_one_initcall+0xdc/0x550
do_init_module+0x22d/0x6b0
load_module+0x4e96/0x5ff0
init_module_from_file+0xcd/0x130
idempotent_init_module+0x330/0x620
__x64_sys_finit_module+0xb3/0x110
do_syscall_64+0xc1/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Freed by task 25303:
kasan_save_stack+0x24/0x50
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
__kasan_slab_free+0x38/0x50
kfree+0x212/0x480
bfad_im_module_init+0x7e/0x80 [bfa]
bfad_init+0x23/0xff0 [bfa]
do_one_initcall+0xdc/0x550
do_init_module+0x22d/0x6b0
load_module+0x4e96/0x5ff0
init_module_from_file+0xcd/0x130
idempotent_init_module+0x330/0x620
__x64_sys_finit_module+0xb3/0x110
do_syscall_64+0xc1/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Above issue happens as follows:
bfad_init
error = bfad_im_module_init()
fc_release_transport(bfad_im_scsi_transport_template);
if (error)
goto ext;
ext:
bfad_im_module_exit();
fc_release_transport(bfad_im_scsi_transport_template);
--> Trigger double release
Don't call bfad_im_module_exit() if bfad_im_module_init() failed.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < 0ceac8012d3ddea3317f0d82934293d05feb8af1
(git)
Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < 3932c753f805a02e9364a4c58b590f21901f8490 (git) Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < ef2c2580189ea88a0dcaf56eb3a565763a900edb (git) Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < e76181a5be90abcc3ed8a300bd13878aa214d022 (git) Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < 8f5a97443b547b4c83f876f1d6a11df0f1fd4efb (git) Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < c28409f851abd93b37969cac7498828ad533afd9 (git) Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < 1ffdde30a90bf8efe8f270407f486706962b3292 (git) Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < a2b5035ab0e368e8d8a371e27fbc72f133c0bd40 (git) Affected: 7725ccfda59715ecf8f99e3b520a0b84cc2ea79e , < 178b8f38932d635e90f5f0e9af1986c6f4a89271 (git) |
|
| Linux | Linux |
Affected:
2.6.32
Unaffected: 0 , < 2.6.32 (semver) Unaffected: 4.19.325 , ≤ 4.19.* (semver) Unaffected: 5.4.287 , ≤ 5.4.* (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.64 , ≤ 6.6.* (semver) Unaffected: 6.11.11 , ≤ 6.11.* (semver) Unaffected: 6.12.2 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:43:06.746226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:45:25.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:47:54.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bfa/bfad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0ceac8012d3ddea3317f0d82934293d05feb8af1",
"status": "affected",
"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
"versionType": "git"
},
{
"lessThan": "3932c753f805a02e9364a4c58b590f21901f8490",
"status": "affected",
"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
"versionType": "git"
},
{
"lessThan": "ef2c2580189ea88a0dcaf56eb3a565763a900edb",
"status": "affected",
"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
"versionType": "git"
},
{
"lessThan": "e76181a5be90abcc3ed8a300bd13878aa214d022",
"status": "affected",
"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
"versionType": "git"
},
{
"lessThan": "8f5a97443b547b4c83f876f1d6a11df0f1fd4efb",
"status": "affected",
"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
"versionType": "git"
},
{
"lessThan": "c28409f851abd93b37969cac7498828ad533afd9",
"status": "affected",
"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
"versionType": "git"
},
{
"lessThan": "1ffdde30a90bf8efe8f270407f486706962b3292",
"status": "affected",
"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
"versionType": "git"
},
{
"lessThan": "a2b5035ab0e368e8d8a371e27fbc72f133c0bd40",
"status": "affected",
"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
"versionType": "git"
},
{
"lessThan": "178b8f38932d635e90f5f0e9af1986c6f4a89271",
"status": "affected",
"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bfa/bfad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.325",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.325",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Fix use-after-free in bfad_im_module_exit()\n\nBUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20\nRead of size 8 at addr ffff8881082d80c8 by task modprobe/25303\n\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x95/0xe0\n print_report+0xcb/0x620\n kasan_report+0xbd/0xf0\n __lock_acquire+0x2aca/0x3a20\n lock_acquire+0x19b/0x520\n _raw_spin_lock+0x2b/0x40\n attribute_container_unregister+0x30/0x160\n fc_release_transport+0x19/0x90 [scsi_transport_fc]\n bfad_im_module_exit+0x23/0x60 [bfa]\n bfad_init+0xdb/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n fc_attach_transport+0x4f/0x4740 [scsi_transport_fc]\n bfad_im_module_init+0x17/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x38/0x50\n kfree+0x212/0x480\n bfad_im_module_init+0x7e/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAbove issue happens as follows:\n\nbfad_init\n error = bfad_im_module_init()\n fc_release_transport(bfad_im_scsi_transport_template);\n if (error)\n goto ext;\n\next:\n bfad_im_module_exit();\n fc_release_transport(bfad_im_scsi_transport_template);\n --\u003e Trigger double release\n\nDon\u0027t call bfad_im_module_exit() if bfad_im_module_init() failed."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:53:18.703Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1"
},
{
"url": "https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490"
},
{
"url": "https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb"
},
{
"url": "https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022"
},
{
"url": "https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb"
},
{
"url": "https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9"
},
{
"url": "https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292"
},
{
"url": "https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40"
},
{
"url": "https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271"
}
],
"title": "scsi: bfa: Fix use-after-free in bfad_im_module_exit()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53227",
"datePublished": "2024-12-27T13:50:16.175Z",
"dateReserved": "2024-11-19T17:17:25.025Z",
"dateUpdated": "2026-05-11T20:53:18.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…