CVE-2024-40956

July 12, 2024, 4:34 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed via idxd_desc_complete() and there's a slight chance may cause issue for the list iterator when the descriptor is reused by another thread without it being deleted from the list.

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33
https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5
https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd
https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7
https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-07-12
CVE-2024-40956

Timeline

Published: July 12, 2024, 1:15 p.m.
Last Modified: July 12, 2024, 4:34 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.