{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47732", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-30T16:00:12.958Z", "datePublished": "2024-10-21T12:14:03.863Z", "dateUpdated": "2025-05-04T09:38:29.225Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:38:29.225Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix potential use after free bug\n\nThe free_device_compression_mode(iaa_device, device_mode) function frees\n\"device_mode\" but it iss passed to iaa_compression_modes[i]->free() a few\nlines later resulting in a use after free.\n\nThe good news is that, so far as I can tell, nothing implements the\n->free() function and the use after free happens in dead code. But, with\nthis fix, when something does implement it, we'll be ready. :)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/intel/iaa/iaa_crypto_main.c"], "versions": [{"version": "b190447e0fa3ef7355480d641d078962e03768b4", "lessThan": "b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9", "status": "affected", "versionType": "git"}, {"version": "b190447e0fa3ef7355480d641d078962e03768b4", "lessThan": "c66f0be993ba52410edab06124c54ecf143b05c1", "status": "affected", "versionType": "git"}, {"version": "b190447e0fa3ef7355480d641d078962e03768b4", "lessThan": "e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/intel/iaa/iaa_crypto_main.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.13", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.2", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.10.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.11.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9"}, {"url": "https://git.kernel.org/stable/c/c66f0be993ba52410edab06124c54ecf143b05c1"}, {"url": "https://git.kernel.org/stable/c/e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209"}], "title": "crypto: iaa - Fix potential use after free bug", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47732", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T13:00:23.321924Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T13:04:15.743Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47732", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T13:00:23.321924Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T13:00:26.464Z"}}], "cna": {"title": "crypto: iaa - Fix potential use after free bug", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b190447e0fa3ef7355480d641d078962e03768b4", "lessThan": "b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9", "versionType": "git"}, {"status": "affected", "version": "b190447e0fa3ef7355480d641d078962e03768b4", "lessThan": "c66f0be993ba52410edab06124c54ecf143b05c1", "versionType": "git"}, {"status": "affected", "version": "b190447e0fa3ef7355480d641d078962e03768b4", "lessThan": "e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209", "versionType": "git"}], "programFiles": ["drivers/crypto/intel/iaa/iaa_crypto_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.8"}, {"status": "unaffected", "version": "0", "lessThan": "6.8", "versionType": "semver"}, {"status": "unaffected", "version": "6.10.13", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.2", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/crypto/intel/iaa/iaa_crypto_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9"}, {"url": "https://git.kernel.org/stable/c/c66f0be993ba52410edab06124c54ecf143b05c1"}, {"url": "https://git.kernel.org/stable/c/e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix potential use after free bug\n\nThe free_device_compression_mode(iaa_device, device_mode) function frees\n\"device_mode\" but it iss passed to iaa_compression_modes[i]->free() a few\nlines later resulting in a use after free.\n\nThe good news is that, so far as I can tell, nothing implements the\n->free() function and the use after free happens in dead code. But, with\nthis fix, when something does implement it, we'll be ready. :)"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.13", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11.2", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.12", "versionStartIncluding": "6.8"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:38:29.225Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47732", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:38:29.225Z", "dateReserved": "2024-09-30T16:00:12.958Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T12:14:03.863Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C22AF5AC-7F54-4360-A603-8A032CC9087A", "versionEndExcluding": "6.10.13", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181", "versionEndExcluding": "6.11.2", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix potential use after free bug\n\nThe free_device_compression_mode(iaa_device, device_mode) function frees\n\"device_mode\" but it iss passed to iaa_compression_modes[i]->free() a few\nlines later resulting in a use after free.\n\nThe good news is that, so far as I can tell, nothing implements the\n->free() function and the use after free happens in dead code. But, with\nthis fix, when something does implement it, we'll be ready. :)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: iaa - Fix potential use after free bug La funci\u00f3n free_device_compression_mode(iaa_device, device_mode) libera \"device_mode\" pero se pasa a iaa_compression_modes[i]->free() unas l\u00edneas m\u00e1s adelante, lo que da como resultado un use after free. La buena noticia es que, hasta donde puedo decir, nada implementa la funci\u00f3n ->free() y el use after free ocurre en c\u00f3digo muerto. Pero, con esta soluci\u00f3n, cuando algo la implemente, estaremos listos. :)"}], "id": "CVE-2024-47732", "lastModified": "2024-12-20T15:44:01.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T13:15:03.363", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c66f0be993ba52410edab06124c54ecf143b05c1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: crypto: iaa - Fix potential use after free bug", "id": "2320195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320195"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncrypto: iaa - Fix potential use after free bug\nThe free_device_compression_mode(iaa_device, device_mode) function frees\n\"device_mode\" but it iss passed to iaa_compression_modes[i]->free() a few\nlines later resulting in a use after free.\nThe good news is that, so far as I can tell, nothing implements the\n->free() function and the use after free happens in dead code. But, with\nthis fix, when something does implement it, we'll be ready. :)", "A possible flaw was found in the Linux 6.8 kernel version via the b190447e0fa3 commit. This flaw allows an attacker to trigger a pointer exception that could cause performance issues, mainly impacting availability. The code should not be reachable since it is not called anywhere, making this a weakness that could lead to a flaw if, at a certain point, the call to remove_device_compression_modes is introduced. However, if the address where the function is located is called by overriding the instruction pointer, which is unlikely to happen, this weakness could theoretically enable this as a flaw."], "name": "CVE-2024-47732", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47732\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47732\nhttps://lore.kernel.org/linux-cve-announce/2024102106-CVE-2024-47732-f8aa@gregkh/T"], "threat_severity": "Moderate"}

{}