CVE-2024-38629

{"id": "CVE-2024-38629", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-06-21T11:15:11.733", "references": [{"url": "https://git.kernel.org/stable/c/15edb906211bf53e7b5574f7326ab734d6bff4f9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/76e43fa6a456787bad31b8d0daeabda27351a480", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9eb15f24a0b9b017b39cde8b8c07243676b63687", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/15edb906211bf53e7b5574f7326ab734d6bff4f9", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/76e43fa6a456787bad31b8d0daeabda27351a480", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/9eb15f24a0b9b017b39cde8b8c07243676b63687", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Avoid unnecessary destruction of file_ida\n\nfile_ida is allocated during cdev open and is freed accordingly\nduring cdev release. This sequence is guaranteed by driver file\noperations. Therefore, there is no need to destroy an already empty\nfile_ida when the WQ cdev is removed.\n\nWorse, ida_free() in cdev release may happen after destruction of\nfile_ida per WQ cdev. This can lead to accessing an id in file_ida\nafter it has been destroyed, resulting in a kernel panic.\n\nRemove ida_destroy(&file_ida) to address these issues."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: evita la destrucci\u00f3n innecesaria de file_ida file_ida se asigna durante la apertura de cdev y se libera en consecuencia durante el lanzamiento de cdev. Esta secuencia est\u00e1 garantizada por las operaciones del archivo del controlador. Por lo tanto, no es necesario destruir un file_ida que ya est\u00e1 vac\u00edo cuando se elimina WQ cdev. Peor a\u00fan, ida_free() en la versi\u00f3n cdev puede ocurrir despu\u00e9s de la destrucci\u00f3n de file_ida seg\u00fan WQ cdev. Esto puede llevar a acceder a una identificaci\u00f3n en file_ida despu\u00e9s de haber sido destruida, lo que resulta en un p\u00e1nico en el kernel. Elimine ida_destroy(&file_ida) para solucionar estos problemas."}], "lastModified": "2025-10-03T14:53:37.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D9DC6CF-DE3D-4E7E-BF42-5EBCCB0F3D34", "versionEndExcluding": "6.6.33", "versionStartIncluding": "6.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627", "versionEndExcluding": "6.9.4", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}