CVE-2024-39493
Published: Jul 10, 2024
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak

Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called wait_for_completion, resulting in another potential UAF.

Fix this by making the caller use cancel_work_sync and then freeing the memory safely.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected daba62d9eeddcc5b1081be7d348ca836c83c59d7 - < 0ce5964b82f212f4df6a9813f09a0b5de15bd9c8; affected 8e81cd58aee14a470891733181a47d123193ba81 - < 6396b33e98c096bff9c253ed49c008247963492a; affected d03092550f526a79cf1ade7f0dfa74906f39eb71 - < a718b6d2a329e069b27d9049a71be5931e71d960; affected 4ae5a97781ce7d6ecc9c7055396535815b64ca4f - < 3fb4601e0db10d4fe25e46f3fa308d40d37366bd; affected 226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7 - < e7428e7e3fe94a5089dc12ffe5bc31574d2315ad; +13 more versions |
| Linux | Linux | affected 6.9; unaffected 0 - < 6.9; unaffected 4.19.316 - <= 4.19.*; unaffected 5.4.278 - <= 5.4.*; unaffected 5.10.219 - <= 5.10.*; +5 more versions |