CVE-2024-40956

HIGH7.8

dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list

Published Jul 12, 2024

Modified 2 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list

Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed via idxd_desc_complete() and there's a slight chance may cause issue for the list iterator when the descriptor is reused by another thread without it being deleted from the list.

References

WEBhttps://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33 WEBhttps://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5 WEBhttps://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd WEBhttps://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7 WEBhttps://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8 WEBhttps://lists.debian.org/debian-lts-announce/2025/01/msg00001.html ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-40956

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedJul 12, 2024

ModifiedNov 3, 2025

CVE-2024-40956 | Mondoo Vulnerability Intelligence