CVE-2024-27049 (GCVE-0-2024-27049)

Vulnerability from cvelistv5 – Published: 2024-05-01 12:54 – Updated: 2025-05-04 09:03
VLAI?
Title
wifi: mt76: mt7925e: fix use-after-free in free_irq()
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For this case, let's apply MT76_REMOVED flag to indicate the device was removed and do not run into the resource access anymore.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: c948b5da6bbec742b433138e3e3f9537a85af2e5 , < 84470b48af03a818039d587478b415cbcb264ff5 (git)
Affected: c948b5da6bbec742b433138e3e3f9537a85af2e5 , < 6d9930096e1f13cf6d9aabfbf95d0e05fb04144f (git)
Affected: c948b5da6bbec742b433138e3e3f9537a85af2e5 , < a5a5f4413d91f395cb2d89829d376d7393ad48b9 (git)
Create a notification for this product.
    Linux Linux Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27049",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T16:17:01.567202Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:46:48.855Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/mediatek/mt76/mt7925/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "84470b48af03a818039d587478b415cbcb264ff5",
              "status": "affected",
              "version": "c948b5da6bbec742b433138e3e3f9537a85af2e5",
              "versionType": "git"
            },
            {
              "lessThan": "6d9930096e1f13cf6d9aabfbf95d0e05fb04144f",
              "status": "affected",
              "version": "c948b5da6bbec742b433138e3e3f9537a85af2e5",
              "versionType": "git"
            },
            {
              "lessThan": "a5a5f4413d91f395cb2d89829d376d7393ad48b9",
              "status": "affected",
              "version": "c948b5da6bbec742b433138e3e3f9537a85af2e5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/mediatek/mt76/mt7925/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925e: fix use-after-free in free_irq()\n\nFrom commit a304e1b82808 (\"[PATCH] Debug shared irqs\"), there is a test\nto make sure the shared irq handler should be able to handle the unexpected\nevent after deregistration. For this case, let\u0027s apply MT76_REMOVED flag to\nindicate the device was removed and do not run into the resource access\nanymore."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:03:06.880Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9"
        }
      ],
      "title": "wifi: mt76: mt7925e: fix use-after-free in free_irq()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27049",
    "datePublished": "2024-05-01T12:54:32.122Z",
    "dateReserved": "2024-02-19T14:20:24.213Z",
    "dateUpdated": "2025-05-04T09:03:06.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27049\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-01T13:15:50.020\",\"lastModified\":\"2024-12-23T19:11:05.037\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwifi: mt76: mt7925e: fix use-after-free in free_irq()\\n\\nFrom commit a304e1b82808 (\\\"[PATCH] Debug shared irqs\\\"), there is a test\\nto make sure the shared irq handler should be able to handle the unexpected\\nevent after deregistration. For this case, let\u0027s apply MT76_REMOVED flag to\\nindicate the device was removed and do not run into the resource access\\nanymore.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: mt76: mt7925e: fix use-after-free in free_irq() Desde el commit a304e1b82808 (\\\"[PATCH] Depurar irqs compartidas\\\"), existe una prueba para asegurarse de que El controlador de irq compartido deber\u00eda poder manejar el evento inesperado despu\u00e9s de la cancelaci\u00f3n del registro. Para este caso, apliquemos el indicador MT76_REMOVED para indicar que el dispositivo fue eliminado y que ya no se puede acceder al recurso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.7.11\",\"matchCriteriaId\":\"9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.8.2\",\"matchCriteriaId\":\"543A75FF-25B8-4046-A514-1EA8EDD87AB1\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:21:05.929Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-27049\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-28T16:17:01.567202Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-28T16:17:09.759Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"wifi: mt76: mt7925e: fix use-after-free in free_irq()\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"c948b5da6bbec742b433138e3e3f9537a85af2e5\", \"lessThan\": \"84470b48af03a818039d587478b415cbcb264ff5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c948b5da6bbec742b433138e3e3f9537a85af2e5\", \"lessThan\": \"6d9930096e1f13cf6d9aabfbf95d0e05fb04144f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c948b5da6bbec742b433138e3e3f9537a85af2e5\", \"lessThan\": \"a5a5f4413d91f395cb2d89829d376d7393ad48b9\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/wireless/mediatek/mt76/mt7925/pci.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.7\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.7\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.7.11\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.7.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.8.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/wireless/mediatek/mt76/mt7925/pci.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5\"}, {\"url\": \"https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f\"}, {\"url\": \"https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwifi: mt76: mt7925e: fix use-after-free in free_irq()\\n\\nFrom commit a304e1b82808 (\\\"[PATCH] Debug shared irqs\\\"), there is a test\\nto make sure the shared irq handler should be able to handle the unexpected\\nevent after deregistration. For this case, let\u0027s apply MT76_REMOVED flag to\\nindicate the device was removed and do not run into the resource access\\nanymore.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.7.11\", \"versionStartIncluding\": \"6.7\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8.2\", \"versionStartIncluding\": \"6.7\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.9\", \"versionStartIncluding\": \"6.7\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T09:03:06.880Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-27049\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T09:03:06.880Z\", \"dateReserved\": \"2024-02-19T14:20:24.213Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-05-01T12:54:32.122Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.