CVE-2024-47732

Published: Oct 21, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it iss passed to iaa_compression_modes[i]->free() a few lines later resulting in a use after free. The good news is that, so far as I can tell, nothing implements the ->free() function and the use after free happens in dead code. But, with this fix, when something does implement it, we'll be ready. :)

Vendor	Product	Versions
Linux	Linux	affected `b190447e0fa3ef7355480d641d078962e03768b4 - < b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9` affected `b190447e0fa3ef7355480d641d078962e03768b4 - < c66f0be993ba52410edab06124c54ecf143b05c1` affected `b190447e0fa3ef7355480d641d078962e03768b4 - < e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209`
Linux	Linux	affected `6.8` unaffected `0 - < 6.8` unaffected `6.10.13 - <= 6.10.` unaffected `6.11.2 - <= 6.11.` unaffected `6.12 - <= *`

References

https://git.kernel.org/stable/c/b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9

https://git.kernel.org/stable/c/c66f0be993ba52410edab06124c54ecf143b05c1

https://git.kernel.org/stable/c/e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-47732

Description

Affected Products

References