VYPR
Get started
← All advisories
Medium severity5.5NVD Advisory· Published Jul 10, 2024· Updated May 12, 2026

CVE-2024-39493

CVE-2024-39493

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak

Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called wait_for_completion, resulting in another potential UAF.

Fix this by making the caller use cancel_work_sync and then freeing the memory safely.

Affected products

1
  • Linux/Linuxv5
    Range: 6.9

Patches

8
a718b6d2a329
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
c2d443aa1ae3
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
d0fd12497272
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
d3b17c6d9ddd
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
3fb4601e0db1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
e7428e7e3fe9
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
0ce5964b82f2
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
6396b33e98c0
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.