CVE-2024-39493

crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called wait_for_completion, resulting in another potential UAF. Fix this by making the caller use cancel_work_sync and then freeing the memory safely.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.06%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8 patch
https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a patch
https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960 patch
https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd patch
https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad patch
https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3 patch
https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246 patch
https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26 patch

Frequently Asked Questions

What is the severity of CVE-2024-39493?
CVE-2024-39493 has been scored as a medium severity vulnerability.
How to fix CVE-2024-39493?
To fix CVE-2024-39493, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-39493 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-39493 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-39493?
CVE-2024-39493 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.