Vulnerabilities > CVE-2024-39493 - Memory Leak vulnerability in Linux Kernel

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

linux

CWE-401

NVD

Published: 2024-07-10

Updated: 2024-07-31

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called wait_for_completion, resulting in another potential UAF. Fix this by making the caller use cancel_work_sync and then freeing the memory safely.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 6.9 Linux Linux Kernel 6.9.1 Linux Linux Kernel 6.9.2 Linux Linux Kernel 6.9.3 Linux Linux Kernel 6.6.29 Linux Linux Kernel 6.6.30 Linux Linux Kernel 6.6.32 Linux Linux Kernel 6.6.33 Linux Linux Kernel 6.1.84 Linux Linux Kernel 6.1.89 Linux Linux Kernel 6.1.90 Linux Linux Kernel 6.1.92 Linux Linux Kernel 6.1.93 Linux Linux Kernel 5.15.156 Linux Linux Kernel 5.15.158 Linux Linux Kernel 5.15.160 Linux Linux Kernel 5.10.216 Linux Linux Kernel 5.10.217 Linux Linux Kernel 5.10.218 Linux Linux Kernel 5.4.274 Linux Linux Kernel 5.4.275 Linux Linux Kernel 5.4.276 Linux Linux Kernel 5.4.277 Linux Linux Kernel 4.19.312 Linux Linux Kernel 4.19.313 Linux Linux Kernel 4.19.314 Linux Linux Kernel 4.19.315	31

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References