CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close the master ooo. Currently, the qm error is injected after stopping queue, memory may be released immediately after stopping queue, causing the device to access the released memory. Therefore, error is injected to close master ooo before stopping queue to ensure that the device does not access the released memory.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.8<6.1.113 | |
| Linux Kernel | >=6.2<6.6.54 | |
| Linux Kernel | >=6.7<6.10.13 | |
| Linux Kernel | >=6.11<6.11.2 | |
| debian/linux | <=5.10.223-1<=5.10.234-1 | 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://launchpad.net/bugs/cve/CVE-2024-47730
- https://git.kernel.org/stable/c/801d64177faaec184cee1e1aa4d8487df1364a54
- https://git.kernel.org/stable/c/98d3be34c9153eceadb56de50d9f9347e88d86e4
- https://git.kernel.org/stable/c/aa3e0db35a60002fb34ef0e4ad203aa59fd00203
- https://git.kernel.org/stable/c/b04f06fc0243600665b3b50253869533b7938468
- https://git.kernel.org/stable/c/c5f5b813e546f7fe133539c3d7a5086cc8dd2aa1
- https://git.kernel.org/stable/c/f8024f12752e32ffbbf59e1c09d949f977ff743f
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47730
- https://nvd.nist.gov/vuln/detail/CVE-2024-47730
- https://security-tracker.debian.org/tracker/CVE-2024-47730
- https://ubuntu.com/security/CVE-2024-47730
- https://git.kernel.org/linus/b04f06fc0243600665b3b50253869533b7938468
- https://git.kernel.org/stable/c/85e81103033324d7a271dafb584991da39554a89
Frequently Asked Questions
What is the severity of CVE-2024-47730?
CVE-2024-47730 is classified as a medium severity vulnerability in the Linux kernel.
How do I fix CVE-2024-47730?
To fix CVE-2024-47730, update your Linux kernel to a version that addresses the vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-47730?
CVE-2024-47730 affects Linux kernel versions from 5.8 up to 6.11.2, excluding specific patched versions.
What is the nature of the vulnerability in CVE-2024-47730?
CVE-2024-47730 involves an issue where the Linux kernel's crypto driver may not properly handle memory errors, potentially leading to resource management problems.
Is there a workaround for CVE-2024-47730?
Currently, the recommended action for CVE-2024-47730 is to apply available kernel updates rather than relying on a workaround.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/trending
- collector/launchpad-cve
- source/Launchpad
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/tags
- collector/nvd-api
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.8
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.11
- package-manager/debian