CVE - CVE-2024-39495

CVE-ID
CVE-2024-39495	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: greybus: Fix use-after-free bug in gb_interface_release due to race condition. In gb_interface_create, &intf->mode_switch_completion is bound with gb_interface_mode_switch_work. Then it will be started by gb_interface_request_mode_switch. Here is the relevant code. if (!queue_work(system_long_wq, &intf->mode_switch_work)) { ... } If we call gb_interface_release to make cleanup, there may be an unfinished work. This function will call kfree to free the object "intf". However, if gb_interface_mode_switch_work is scheduled to run after kfree, it may cause use-after-free error as gb_interface_mode_switch_work will use the object "intf". The possible execution flow that may lead to the issue is as follows: CPU0 CPU1 \| gb_interface_create \| gb_interface_request_mode_switch gb_interface_release \| kfree(intf) (free) \| \| gb_interface_mode_switch_work \| mutex_lock(&intf->mutex) (use) Fix it by canceling the work before kfree.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/03ea2b129344152157418929f06726989efc0445 URL:https://git.kernel.org/stable/c/03ea2b129344152157418929f06726989efc0445 MISC:https://git.kernel.org/stable/c/0b8fba38bdfb848fac52e71270b2aa3538c996ea URL:https://git.kernel.org/stable/c/0b8fba38bdfb848fac52e71270b2aa3538c996ea MISC:https://git.kernel.org/stable/c/2b6bb0b4abfd79b8698ee161bb73c0936a2aaf83 URL:https://git.kernel.org/stable/c/2b6bb0b4abfd79b8698ee161bb73c0936a2aaf83 MISC:https://git.kernel.org/stable/c/5c9c5d7f26acc2c669c1dcf57d1bb43ee99220ce URL:https://git.kernel.org/stable/c/5c9c5d7f26acc2c669c1dcf57d1bb43ee99220ce MISC:https://git.kernel.org/stable/c/74cd0a421896b2e07eafe7da4275302bfecef201 URL:https://git.kernel.org/stable/c/74cd0a421896b2e07eafe7da4275302bfecef201 MISC:https://git.kernel.org/stable/c/9a733d69a4a59c2d08620e6589d823c24be773dc URL:https://git.kernel.org/stable/c/9a733d69a4a59c2d08620e6589d823c24be773dc MISC:https://git.kernel.org/stable/c/fb071f5c75d4b1c177824de74ee75f9dd34123b9 URL:https://git.kernel.org/stable/c/fb071f5c75d4b1c177824de74ee75f9dd34123b9
Assigning CNA
kernel.org
Date Record Created
20240625	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240625)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)