{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39493", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-25T14:23:23.748Z", "datePublished": "2024-07-10T07:18:39.443Z", "dateUpdated": "2024-08-02T04:26:16.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:50:31.925Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call. Furthermore it's still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/intel/qat/qat_common/adf_aer.c"], "versions": [{"version": "daba62d9eedd", "lessThan": "0ce5964b82f2", "status": "affected", "versionType": "git"}, {"version": "8e81cd58aee1", "lessThan": "6396b33e98c0", "status": "affected", "versionType": "git"}, {"version": "d03092550f52", "lessThan": "a718b6d2a329", "status": "affected", "versionType": "git"}, {"version": "4ae5a97781ce", "lessThan": "3fb4601e0db1", "status": "affected", "versionType": "git"}, {"version": "226fc408c5fc", "lessThan": "e7428e7e3fe9", "status": "affected", "versionType": "git"}, {"version": "8a5a7611ccc7", "lessThan": "c2d443aa1ae3", "status": "affected", "versionType": "git"}, {"version": "7d42e097607c", "lessThan": "d0fd12497272", "status": "affected", "versionType": "git"}, {"version": "7d42e097607c", "lessThan": "d3b17c6d9ddd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/intel/qat/qat_common/adf_aer.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.316", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.278", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.219", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.94", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.34", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.5", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8"}, {"url": "https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a"}, {"url": "https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960"}, {"url": "https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd"}, {"url": "https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad"}, {"url": "https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3"}, {"url": "https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246"}, {"url": "https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26"}], "title": "crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-10T13:38:46.024569Z", "id": "CVE-2024-39493", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T13:39:00.365Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:16.000Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:16.000Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39493", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-10T13:38:46.024569Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T13:38:52.663Z"}}], "cna": {"title": "crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "daba62d9eedd", "lessThan": "0ce5964b82f2", "versionType": "git"}, {"status": "affected", "version": "8e81cd58aee1", "lessThan": "6396b33e98c0", "versionType": "git"}, {"status": "affected", "version": "d03092550f52", "lessThan": "a718b6d2a329", "versionType": "git"}, {"status": "affected", "version": "4ae5a97781ce", "lessThan": "3fb4601e0db1", "versionType": "git"}, {"status": "affected", "version": "226fc408c5fc", "lessThan": "e7428e7e3fe9", "versionType": "git"}, {"status": "affected", "version": "8a5a7611ccc7", "lessThan": "c2d443aa1ae3", "versionType": "git"}, {"status": "affected", "version": "7d42e097607c", "lessThan": "d0fd12497272", "versionType": "git"}, {"status": "affected", "version": "7d42e097607c", "lessThan": "d3b17c6d9ddd", "versionType": "git"}], "programFiles": ["drivers/crypto/intel/qat/qat_common/adf_aer.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.9"}, {"status": "unaffected", "version": "0", "lessThan": "6.9", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.316", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.278", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.219", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.161", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.94", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.34", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.5", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/crypto/intel/qat/qat_common/adf_aer.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8"}, {"url": "https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a"}, {"url": "https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960"}, {"url": "https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd"}, {"url": "https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad"}, {"url": "https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3"}, {"url": "https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246"}, {"url": "https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call. Furthermore it's still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:50:31.925Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39493", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:26:16.000Z", "dateReserved": "2024-06-25T14:23:23.748Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-10T07:18:39.443Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D26B120-31EC-4900-BA59-4C7E3305CA07", "versionEndExcluding": "4.19.316", "versionStartIncluding": "4.19.312", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBA12E3E-3226-4BFE-80FA-CD00384BB4A8", "versionEndExcluding": "5.4.278", "versionStartIncluding": "5.4.274", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFD9B2DB-0408-4028-A90E-3F67DBA2BE2E", "versionEndExcluding": "5.10.219", "versionStartIncluding": "5.10.215", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3873B618-2078-4018-8EE8-F39FEC6600A3", "versionEndExcluding": "5.15.161", "versionStartIncluding": "5.15.154", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "03CF3F67-B04C-40E6-93AB-3D7671078945", "versionEndExcluding": "6.1.94", "versionStartIncluding": "6.1.84", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDE3D0DB-AC9D-469B-B743-26B80E88500B", "versionEndExcluding": "6.6.34", "versionStartIncluding": "6.6.24", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "54EDFD02-25E6-4BC8-9AD0-0A59881F400A", "versionEndExcluding": "6.9.5", "versionStartIncluding": "6.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call. Furthermore it's still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: qat: corrige la p\u00e9rdida de memoria ADF_DEV_RESET_SYNC. El uso de complete_done para determinar si la persona que llama se ha ido solo funciona despu\u00e9s de una llamada completa. Adem\u00e1s, a\u00fan es posible que la persona que llama a\u00fan no haya llamado a wait_for_completion, lo que genera otra posible UAF. Solucione este problema haciendo que la persona que llama use cancel_work_sync y luego liberando la memoria de forma segura."}], "id": "CVE-2024-39493", "lastModified": "2024-07-31T15:38:54.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-10T08:15:11.427", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak", "id": "2297065", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297065"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call. Furthermore it's still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely."], "name": "CVE-2024-39493", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-39493\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39493\nhttps://lore.kernel.org/linux-cve-announce/2024071042-CVE-2024-39493-ec00@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.316, kernel 5.4.278, kernel 5.10.219, kernel 5.15.161, kernel 6.1.94, kernel 6.6.34, kernel 6.9.5, kernel 6.10-rc1"}