CVE-2024-39507

MEDIUM

Linux Kernel 5.1-5.15.161, 5.16-6.1.94, 6.2-6.6.34, 6.7-6.9.5 - Use-After-Free in HNS3 NIC Driver

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash problem in concurrent scenario When link status change, the nic driver need to notify the roce driver to handle this event, but at this time, the roce driver may uninit, then cause kernel crash. To fix the problem, when link status change, need to check whether the roce registered, and when uninit, need to wait link update finish.

References (6)

Core 6

Scores

CVSS v3 5.5
EPSS 0.0028
EPSS Percentile 19.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-908
Status published
Products (18)
linux/Kernel 5.1.0 - 5.15.162linux
linux/Kernel 5.16.0 - 6.1.95linux
linux/Kernel 6.2.0 - 6.6.35linux
linux/Kernel 6.7.0 - 6.9.6linux
Linux/Linux < 5.1
Linux/Linux 45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab - 12cda920212a49fa22d9e8b9492ac4ea013310a4
Linux/Linux 45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab - 62b5dfb67bfa8bd0301bf3442004563495f9ee48
Linux/Linux 45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab - 689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa
Linux/Linux 45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab - 6d0007f7b69d684879a0f598a042e40244d3cf63
Linux/Linux 45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab - b2c5024b771cd1dd8175d5f6949accfadbab7edd
... and 8 more
Published Jul 12, 2024
Tracked Since Feb 18, 2026