2024-10-21 20:03:29 +00:00
{
"id" : "CVE-2024-49981" ,
"sourceIdentifier" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"published" : "2024-10-21T18:15:18.670" ,
2024-11-08 17:03:28 +00:00
"lastModified" : "2024-11-08T16:15:39.567" ,
"vulnStatus" : "Modified" ,
2024-10-21 20:03:29 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free bug in venus_remove due to race condition\n\nin venus_probe, core->work is bound with venus_sys_error_handler, which is\nused to handle error. The code use core->sys_err_done to make sync work.\nThe core->work is started in venus_event_notify.\n\nIf we call venus_remove, there might be an unfished work. The possible\nsequence is as follows:\n\nCPU0 CPU1\n\n |venus_sys_error_handler\nvenus_remove |\nhfi_destroy\t \t\t |\nvenus_hfi_destroy\t |\nkfree(hdev);\t |\n |hfi_reinit\n\t\t\t\t\t |venus_hfi_queues_reinit\n |//use hdev\n\nFix it by canceling the work in venus_remove."
2024-10-23 16:03:56 +00:00
} ,
{
"lang" : "es" ,
"value" : "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: venus: se corrige el error de use after free en venus_remove debido a la condici\u00f3n de ejecuci\u00f3n en venus_probe, core->work est\u00e1 vinculado con venus_sys_error_handler, que se usa para manejar el error. El c\u00f3digo usa core->sys_err_done para que funcione la sincronizaci\u00f3n. El core->work se inicia en venus_event_notify. Si llamamos a venus_remove, puede haber un trabajo sin pescar. La secuencia posible es la siguiente: CPU0 CPU1 |venus_sys_error_handler venus_remove | hfi_destroy | venus_hfi_destroy | kfree(hdev); | |hfi_reinit |venus_hfi_queues_reinit |//use hdev Arr\u00e9glelo cancelando el trabajo en venus_remove."
2024-10-21 20:03:29 +00:00
}
] ,
2024-10-25 16:03:30 +00:00
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.0 ,
"baseSeverity" : "HIGH" ,
2024-10-25 16:03:30 +00:00
"attackVector" : "LOCAL" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2024-10-25 16:03:30 +00:00
} ,
"exploitabilityScore" : 1.0 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-362"
} ,
{
"lang" : "en" ,
"value" : "CWE-416"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.13" ,
"versionEndExcluding" : "5.10.227" ,
"matchCriteriaId" : "95F0968E-E3F7-42E8-A144-E4B74A2B6541"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.11" ,
"versionEndExcluding" : "5.15.168" ,
"matchCriteriaId" : "4D51C05D-455B-4D8D-89E7-A58E140B864C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.16" ,
"versionEndExcluding" : "6.1.113" ,
"matchCriteriaId" : "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.2" ,
"versionEndExcluding" : "6.6.55" ,
"matchCriteriaId" : "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.7" ,
"versionEndExcluding" : "6.10.14" ,
"matchCriteriaId" : "4C16BCE0-FFA0-4599-BE0A-1FD65101C021"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.11" ,
"versionEndExcluding" : "6.11.3" ,
"matchCriteriaId" : "54D9C704-D679-41A7-9C40-10A6B1E7FFE9"
}
]
}
]
}
] ,
2024-10-21 20:03:29 +00:00
"references" : [
{
"url" : "https://git.kernel.org/stable/c/10941d4f99a5a34999121b314afcd9c0a1c14f15" ,
2024-10-25 16:03:30 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-10-21 20:03:29 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/2a541fcc0bd2b05a458e9613376df1289ec11621" ,
2024-10-25 16:03:30 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-10-21 20:03:29 +00:00
} ,
2024-11-08 17:03:28 +00:00
{
"url" : "https://git.kernel.org/stable/c/5098b9e6377577fe13d03e1d8914930f014a3314" ,
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
} ,
2024-10-21 20:03:29 +00:00
{
"url" : "https://git.kernel.org/stable/c/60b6968341a6dd5353554f3e72db554693a128a5" ,
2024-10-25 16:03:30 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-10-21 20:03:29 +00:00
} ,
2024-11-08 17:03:28 +00:00
{
"url" : "https://git.kernel.org/stable/c/63bbe26471ebdcc3c20bb4cc3950d666279ad658" ,
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
} ,
2024-10-21 20:03:29 +00:00
{
"url" : "https://git.kernel.org/stable/c/b0686aedc5f1343442d044bd64eeac7e7a391f4e" ,
2024-10-25 16:03:30 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-10-21 20:03:29 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/bf6be32e2d39f6301ff1831e249d32a8744ab28a" ,
2024-10-25 16:03:30 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-10-21 20:03:29 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/c5a85ed88e043474161bbfe54002c89c1cb50ee2" ,
2024-10-25 16:03:30 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-10-21 20:03:29 +00:00
} ,
{
"url" : "https://git.kernel.org/stable/c/d925e9f7fb5a2dbefd1a73fc01061f38c7becd4c" ,
2024-10-25 16:03:30 +00:00
"source" : "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ,
"tags" : [
"Patch"
]
2024-10-21 20:03:29 +00:00
}
]
}
