We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-47732

crypto: iaa - Fix potential use after free bug



Description

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it iss passed to iaa_compression_modes[i]->free() a few lines later resulting in a use after free. The good news is that, so far as I can tell, nothing implements the ->free() function and the use after free happens in dead code. But, with this fix, when something does implement it, we'll be ready. :)

Reserved 2024-09-30 | Published 2024-10-21 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

b190447e0fa3ef7355480d641d078962e03768b4 before b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9
affected

b190447e0fa3ef7355480d641d078962e03768b4 before c66f0be993ba52410edab06124c54ecf143b05c1
affected

b190447e0fa3ef7355480d641d078962e03768b4 before e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209
affected

Default status
affected

6.8
affected

Any version before 6.8
unaffected

6.10.13
unaffected

6.11.2
unaffected

6.12
unaffected

References

git.kernel.org/...c/b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9

git.kernel.org/...c/c66f0be993ba52410edab06124c54ecf143b05c1

git.kernel.org/...c/e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209

cve.org (CVE-2024-47732)

nvd.nist.gov (CVE-2024-47732)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-47732

Support options

Helpdesk Chat, Email, Knowledgebase