CVE - CVE-2024-56700

CVE-ID
CVE-2024-56700	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd() Atomicity violation occurs when the fmc_send_cmd() function is executed simultaneously with the modification of the fmdev->resp_skb value. Consider a scenario where, after passing the validity check within the function, a non-null fmdev->resp_skb variable is assigned a null value. This results in an invalid fmdev->resp_skb variable passing the validity check. As seen in the later part of the function, skb = fmdev->resp_skb; when the invalid fmdev->resp_skb passes the check, a null pointer dereference error may occur at line 478, evt_hdr = (void *)skb->data; To address this issue, it is recommended to include the validity check of fmdev->resp_skb within the locked section of the function. This modification ensures that the value of fmdev->resp_skb does not change during the validation process, thereby maintaining its validity. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/2e63c908de357048180516b84740ed62dac0b269 URL:https://git.kernel.org/stable/c/2e63c908de357048180516b84740ed62dac0b269 MISC:https://git.kernel.org/stable/c/372dc9509122e5d45d4c12978e31c3c7d00aaca4 URL:https://git.kernel.org/stable/c/372dc9509122e5d45d4c12978e31c3c7d00aaca4 MISC:https://git.kernel.org/stable/c/378ce4e08ca2b1ac7bbf1d57b68643ca4226c5f8 URL:https://git.kernel.org/stable/c/378ce4e08ca2b1ac7bbf1d57b68643ca4226c5f8 MISC:https://git.kernel.org/stable/c/3c818ad07e964bca3d27adac1e1f50e1e3c9180e URL:https://git.kernel.org/stable/c/3c818ad07e964bca3d27adac1e1f50e1e3c9180e MISC:https://git.kernel.org/stable/c/80a3b2ee01eecf22dfa06968b3cde92c691dea10 URL:https://git.kernel.org/stable/c/80a3b2ee01eecf22dfa06968b3cde92c691dea10 MISC:https://git.kernel.org/stable/c/ca59f9956d4519ab18ab2270be47c6b8c6ced091 URL:https://git.kernel.org/stable/c/ca59f9956d4519ab18ab2270be47c6b8c6ced091 MISC:https://git.kernel.org/stable/c/d16109c9fdc1b8cea4fe63b42e06e926c3f68990 URL:https://git.kernel.org/stable/c/d16109c9fdc1b8cea4fe63b42e06e926c3f68990 MISC:https://git.kernel.org/stable/c/d7408a052aa1b4f6fb6f1c7a8877b84017a07ac9 URL:https://git.kernel.org/stable/c/d7408a052aa1b4f6fb6f1c7a8877b84017a07ac9 MISC:https://git.kernel.org/stable/c/ed228b74d8a500380150965d5becabf9a1e33141 URL:https://git.kernel.org/stable/c/ed228b74d8a500380150965d5becabf9a1e33141
Assigning CNA
kernel.org
Date Record Created
20241227	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241227)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)