CVE-2024-47730

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47730

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close the master ooo. Currently, the qm error is injected after stopping queue, memory may be released immediately after stopping queue, causing the device to access the released memory. Therefore, error is injected to close master ooo before stopping queue to ensure that the device does not access the released memory.

References
Link Resource
https://git.kernel.org/stable/c/801d64177faaec184cee1e1aa4d8487df1364a54
https://git.kernel.org/stable/c/85e81103033324d7a271dafb584991da39554a89
https://git.kernel.org/stable/c/98d3be34c9153eceadb56de50d9f9347e88d86e4 Patch
https://git.kernel.org/stable/c/aa3e0db35a60002fb34ef0e4ad203aa59fd00203 Patch
https://git.kernel.org/stable/c/b04f06fc0243600665b3b50253869533b7938468 Patch
https://git.kernel.org/stable/c/c5f5b813e546f7fe133539c3d7a5086cc8dd2aa1 Patch
https://git.kernel.org/stable/c/f8024f12752e32ffbbf59e1c09d949f977ff743f Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

03 Nov 2025, 23:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html -

03 Nov 2025, 20:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html -

13 Mar 2025, 13:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/85e81103033324d7a271dafb584991da39554a89 -

14 Dec 2024, 21:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/801d64177faaec184cee1e1aa4d8487df1364a54 -

23 Oct 2024, 17:03

Type Values Removed Values Added
CWE CWE-416
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/98d3be34c9153eceadb56de50d9f9347e88d86e4 - () https://git.kernel.org/stable/c/98d3be34c9153eceadb56de50d9f9347e88d86e4 - Patch
References () https://git.kernel.org/stable/c/aa3e0db35a60002fb34ef0e4ad203aa59fd00203 - () https://git.kernel.org/stable/c/aa3e0db35a60002fb34ef0e4ad203aa59fd00203 - Patch
References () https://git.kernel.org/stable/c/b04f06fc0243600665b3b50253869533b7938468 - () https://git.kernel.org/stable/c/b04f06fc0243600665b3b50253869533b7938468 - Patch
References () https://git.kernel.org/stable/c/c5f5b813e546f7fe133539c3d7a5086cc8dd2aa1 - () https://git.kernel.org/stable/c/c5f5b813e546f7fe133539c3d7a5086cc8dd2aa1 - Patch
References () https://git.kernel.org/stable/c/f8024f12752e32ffbbf59e1c09d949f977ff743f - () https://git.kernel.org/stable/c/f8024f12752e32ffbbf59e1c09d949f977ff743f - Patch
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: hisilicon/qm - inyectar error antes de detener la cola El master ooo no se puede cerrar por completo cuando el núcleo del acelerador informa un error de memoria. Por lo tanto, el controlador debe inyectar el error qm para cerrar el master ooo. Actualmente, el error qm se inyecta después de detener la cola, la memoria puede liberarse inmediatamente después de detener la cola, lo que hace que el dispositivo acceda a la memoria liberada. Por lo tanto, se inyecta un error para cerrar el master ooo antes de detener la cola para garantizar que el dispositivo no acceda a la memoria liberada.
First Time Linux
Linux linux Kernel
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

21 Oct 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-21 13:15

Updated : 2025-11-03 23:16

NVD link : CVE-2024-47730

Mitre link : CVE-2024-47730

CVE.ORG link : CVE-2024-47730

JSON object : View

Products Affected

linux

CWE
CWE-416

Use After Free