CVE-2024-38545

CVSS v3.1 7.8 (High)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 18

NVD Status Analyzed

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix UAF for cq async event

The refcount of CQ is not protected by locks. When CQ asynchronous
events and CQ destruction are concurrent, CQ may have been released,
which will cause UAF.

Use the xa_lock() to protect the CQ refcount.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: kernel.org
Published Date: 2024-06-19 14:15:14
(2 months ago)
Updated Date: 2024-08-27 20:03:02
(2 weeks ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.9 version and prior 6.1.93 version	cpe:2.3:o:linux:linux_kernel	>= 4.9	< 6.1.93
Linux Kernel from 6.2 version and prior 6.6.33 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.6.33
Linux Kernel from 6.7 version and prior 6.8.12 version	cpe:2.3:o:linux:linux_kernel	>= 6.7	< 6.8.12
Linux Kernel from 6.9 version and prior 6.9.3 version	cpe:2.3:o:linux:linux_kernel	>= 6.9	< 6.9.3