CVE-2024-26974
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - resolve race condition during AER recovery
During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the reset_data structure's memory. If the device restart will take more than 10 seconds the function scheduling that restart will exit due to a timeout, and the reset_data structure will be freed. However, this data structure is used for completion notification after the restart is completed, which leads to a UAF bug.
This results in a KFENCE bug notice.
BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat] Use-after-free read at 0x00000000bc56fddf (in kfence-#142): adf_device_reset_worker+0x38/0xa0 [intel_qat] process_one_work+0x173/0x340
To resolve this race condition, the memory associated to the container of the work_struct is freed on the worker if the timeout expired, otherwise on the function that schedules the worker. The timeout detection can be done by checking if the caller is still waiting for completion or not by using completion_done() function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
127- osv-coords123 versionspkg:rpm/almalinux/bpftoolpkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-64kpkg:rpm/almalinux/kernel-64k-corepkg:rpm/almalinux/kernel-64k-debugpkg:rpm/almalinux/kernel-64k-debug-corepkg:rpm/almalinux/kernel-64k-debug-develpkg:rpm/almalinux/kernel-64k-debug-devel-matchedpkg:rpm/almalinux/kernel-64k-debug-modulespkg:rpm/almalinux/kernel-64k-debug-modules-corepkg:rpm/almalinux/kernel-64k-debug-modules-extrapkg:rpm/almalinux/kernel-64k-develpkg:rpm/almalinux/kernel-64k-devel-matchedpkg:rpm/almalinux/kernel-64k-modulespkg:rpm/almalinux/kernel-64k-modules-corepkg:rpm/almalinux/kernel-64k-modules-extrapkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-devel-matchedpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-corepkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-debug-uki-virtpkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-devel-matchedpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-headerspkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-corepkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-rtpkg:rpm/almalinux/kernel-rt-corepkg:rpm/almalinux/kernel-rt-debugpkg:rpm/almalinux/kernel-rt-debug-corepkg:rpm/almalinux/kernel-rt-debug-develpkg:rpm/almalinux/kernel-rt-debug-kvmpkg:rpm/almalinux/kernel-rt-debug-modulespkg:rpm/almalinux/kernel-rt-debug-modules-corepkg:rpm/almalinux/kernel-rt-debug-modules-extrapkg:rpm/almalinux/kernel-rt-develpkg:rpm/almalinux/kernel-rt-kvmpkg:rpm/almalinux/kernel-rt-modulespkg:rpm/almalinux/kernel-rt-modules-corepkg:rpm/almalinux/kernel-rt-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-uki-virtpkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-devel-matchedpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-corepkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/libperfpkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perfpkg:rpm/almalinux/rtlapkg:rpm/almalinux/rvpkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_16&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_15&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_71&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 4.18.0-553.8.1.el8_10+ 122 more
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.rt7.349.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.rt7.349.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 4.18.0-553.8.1.el8_10
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.0-427.24.1.el9_4
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 6.4.0-17.1.1.51
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 4.12.14-122.269.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 1-8.3.1
Patches
Vulnerability mechanics
References
12- git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0benvdPatch
- git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7nvdPatch
- git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4fnvdPatch
- git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210cnvdPatch
- git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dcnvdPatch
- git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81nvdPatch
- git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828nvdPatch
- git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71nvdPatch
- git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7nvdPatch
- lists.debian.org/debian-lts-announce/2024/06/msg00017.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlnvdMailing ListThird Party Advisory
- cert-portal.siemens.com/productcert/html/ssa-265688.htmlnvd
News mentions
0No linked articles in our index yet.