CVE-2024-39493
- CVSS v3.1: 5.5 (Medium)
- EPSS: 0.04 % (5th)
- Affected Products: 1
- Advisories: 19
- NVD Status: Analyzed

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak

Using completion_done to determine whether the caller has gone
away only works after a complete call. Furthermore it's still
possible that the caller has not yet called wait_for_completion,
resulting in another potential UAF.

Fix this by making the caller use cancel_work_sync and then freeing
the memory safely.

Weaknesses
- CWE-401: Missing Release of Memory after Effective Lifetime

- CVE Status: PUBLISHED
- NVD Status: Analyzed
- CNA: kernel.org
- Published Date: 2024-07-10 08:15:11 (2 months ago)
- Updated Date: 2024-07-31 15:38:54 (6 weeks ago)