OpenCVE

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For this case, let's apply MT76_REMOVED flag to indicate the device was removed and do not run into the resource access anymore.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.31.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:5363	2024-08-15T00:00:00Z
kernel-0:5.14.0-427.31.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:5363	2024-08-15T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f
https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5
https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9
https://lore.kernel.org/linux-cve-announce/2024050114-CVE-2024-27049-a5a1@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-27049
https://www.cve.org/CVERecord?id=CVE-2024-27049

History

Fri, 16 Aug 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-01T12:54:32.122Z

Updated: 2024-11-05T09:20:42.018Z

Reserved: 2024-02-19T14:20:24.213Z

Link: CVE-2024-27049

Vulnrichment

Updated: 2024-05-28T16:17:09.759Z

NVD

Status : Awaiting Analysis

Published: 2024-05-01T13:15:50.020

Modified: 2024-11-21T09:03:44.820

Link: CVE-2024-27049

Redhat

Severity : Moderate

Publid Date: 2024-05-01T00:00:00Z

Links: CVE-2024-27049 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27049", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.213Z", "datePublished": "2024-05-01T12:54:32.122Z", "dateUpdated": "2024-11-05T09:20:42.018Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:20:42.018Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925e: fix use-after-free in free_irq()\n\nFrom commit a304e1b82808 (\"[PATCH] Debug shared irqs\"), there is a test\nto make sure the shared irq handler should be able to handle the unexpected\nevent after deregistration. For this case, let's apply MT76_REMOVED flag to\nindicate the device was removed and do not run into the resource access\nanymore."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7925/pci.c"], "versions": [{"version": "c948b5da6bbe", "lessThan": "84470b48af03", "status": "affected", "versionType": "git"}, {"version": "c948b5da6bbe", "lessThan": "6d9930096e1f", "status": "affected", "versionType": "git"}, {"version": "c948b5da6bbe", "lessThan": "a5a5f4413d91", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7925/pci.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5"}, {"url": "https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f"}, {"url": "https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9"}], "title": "wifi: mt76: mt7925e: fix use-after-free in free_irq()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27049", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T16:17:01.567202Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:48.855Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.929Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27049", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.213Z", "datePublished": "2024-05-01T12:54:32.122Z", "dateUpdated": "2024-06-04T17:46:48.855Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:27:38.673Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925e: fix use-after-free in free_irq()\n\nFrom commit a304e1b82808 (\"[PATCH] Debug shared irqs\"), there is a test\nto make sure the shared irq handler should be able to handle the unexpected\nevent after deregistration. For this case, let's apply MT76_REMOVED flag to\nindicate the device was removed and do not run into the resource access\nanymore."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7925/pci.c"], "versions": [{"version": "c948b5da6bbe", "lessThan": "84470b48af03", "status": "affected", "versionType": "git"}, {"version": "c948b5da6bbe", "lessThan": "6d9930096e1f", "status": "affected", "versionType": "git"}, {"version": "c948b5da6bbe", "lessThan": "a5a5f4413d91", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7925/pci.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5"}, {"url": "https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f"}, {"url": "https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9"}], "title": "wifi: mt76: mt7925e: fix use-after-free in free_irq()", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27049", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T16:17:01.567202Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T16:17:09.759Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"affected_release": [{"advisory": "RHSA-2024:5363", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5363", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}], "bugzilla": {"description": "kernel: wifi: mt76: mt7925e: fix use-after-free in free_irq()", "id": "2278429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278429"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: mt76: mt7925e: fix use-after-free in free_irq()\nFrom commit a304e1b82808 (\"[PATCH] Debug shared irqs\"), there is a test\nto make sure the shared irq handler should be able to handle the unexpected\nevent after deregistration. For this case, let's apply MT76_REMOVED flag to\nindicate the device was removed and do not run into the resource access\nanymore.", "A use-after-free flaw was found in free_irq() in the Linux kernel."], "name": "CVE-2024-27049", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27049\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27049\nhttps://lore.kernel.org/linux-cve-announce/2024050114-CVE-2024-27049-a5a1@gregkh/T"], "statement": "Red Hat Enterprise Linux 8 is not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.7.11, kernel 6.8.2, kernel 6.9-rc1"}