CVE-2024-47730

HIGH

Linux Kernel 5.8-6.11.1 - Use-After-Free in Crypto Queue Management

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: hisilicon/qm - inject error before stopping queue

The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close the master ooo. Currently, the qm error is injected after stopping queue, memory may be released immediately after stopping queue, causing the device to access the released memory. Therefore, error is injected to close master ooo before stopping queue to ensure that the device does not access the released memory.

Scores

CVSS v3 7.8
EPSS 0.0001
EPSS Percentile 1.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (24)
debian/debian_linux 11.0
linux/Kernel 5.11.0 - 5.15.174
linux/Kernel 5.16.0 - 6.1.113
linux/Kernel 5.8.0 - 5.10.235
linux/Kernel 6.11.0 - 6.11.2
linux/Kernel 6.2.0 - 6.6.54
linux/Kernel 6.7.0 - 6.10.13
Linux/Linux < 5.8
Linux/Linux 5.10.235 - 5.10.*
Linux/Linux 5.15.174 - 5.15.*
... and 14 more
Published Oct 21, 2024
Tracked Since Feb 18, 2026