{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40956", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.593Z", "datePublished": "2024-07-12T12:31:59.027Z", "dateUpdated": "2024-09-11T17:34:24.154Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:52:10.322Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there's a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/idxd/irq.c"], "versions": [{"version": "16e19e11228b", "lessThan": "1b08bf5a17c6", "status": "affected", "versionType": "git"}, {"version": "16e19e11228b", "lessThan": "83163667d881", "status": "affected", "versionType": "git"}, {"version": "16e19e11228b", "lessThan": "faa35db78b05", "status": "affected", "versionType": "git"}, {"version": "16e19e11228b", "lessThan": "a14968921486", "status": "affected", "versionType": "git"}, {"version": "16e19e11228b", "lessThan": "e3215deca452", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/idxd/irq.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.96", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.36", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33"}, {"url": "https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5"}, {"url": "https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8"}, {"url": "https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd"}, {"url": "https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7"}], "title": "dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.606Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40956", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:03:42.094021Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:24.154Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40956", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.593Z", "datePublished": "2024-07-12T12:31:59.027Z", "dateUpdated": "2024-08-02T04:39:55.606Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:52:10.322Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there's a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/idxd/irq.c"], "versions": [{"version": "16e19e11228b", "lessThan": "1b08bf5a17c6", "status": "affected", "versionType": "git"}, {"version": "16e19e11228b", "lessThan": "83163667d881", "status": "affected", "versionType": "git"}, {"version": "16e19e11228b", "lessThan": "faa35db78b05", "status": "affected", "versionType": "git"}, {"version": "16e19e11228b", "lessThan": "a14968921486", "status": "affected", "versionType": "git"}, {"version": "16e19e11228b", "lessThan": "e3215deca452", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/idxd/irq.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.96", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.36", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33"}, {"url": "https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5"}, {"url": "https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8"}, {"url": "https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd"}, {"url": "https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7"}], "title": "dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40956", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:03:42.094021Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:22.434Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E887B4-732A-40D2-9983-CC6F281EBFB7", "versionEndExcluding": "6.1.96", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1046C95-860A-45B0-B718-2B29F65BFF10", "versionEndExcluding": "6.6.36", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C", "versionEndExcluding": "6.9.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there's a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: corrija posible Use-After-Free en irq_process_work_list Use list_for_each_entry_safe() para permitir iterar a trav\u00e9s de la lista y eliminar la entrada en el proceso de iteraci\u00f3n. El descriptor se libera a trav\u00e9s de idxd_desc_complete() y existe una peque\u00f1a posibilidad de que cause problemas para el iterador de la lista cuando otro subproceso reutiliza el descriptor sin que se elimine de la lista."}], "id": "CVE-2024-40956", "lastModified": "2024-08-28T18:58:48.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:17.760", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6267", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.82.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6268", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-04T00:00:00Z"}], "bugzilla": {"description": "kernel: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list", "id": "2297540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297540"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there's a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40956", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40956\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40956\nhttps://lore.kernel.org/linux-cve-announce/2024071224-CVE-2024-40956-b65d@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.162, kernel 6.1.96, kernel 6.6.36, kernel 6.9.7, kernel 6.10-rc5"}