CVE-2024-38629

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38629
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38629.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38629
Downstream
Related
Published
2024-06-21T10:18:20Z
Modified
2025-10-15T12:22:31.498917Z
Summary
dmaengine: idxd: Avoid unnecessary destruction of file_ida
Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Avoid unnecessary destruction of file_ida

fileida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, there is no need to destroy an already empty fileida when the WQ cdev is removed.

Worse, idafree() in cdev release may happen after destruction of fileida per WQ cdev. This can lead to accessing an id in file_ida after it has been destroyed, resulting in a kernel panic.

Remove idadestroy(&fileida) to address these issues.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e6fd6d7e5f0fe4a17a08e892afb5db800e7794ec
Fixed
9eb15f24a0b9b017b39cde8b8c07243676b63687
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e6fd6d7e5f0fe4a17a08e892afb5db800e7794ec
Fixed
15edb906211bf53e7b5574f7326ab734d6bff4f9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e6fd6d7e5f0fe4a17a08e892afb5db800e7794ec
Fixed
76e43fa6a456787bad31b8d0daeabda27351a480

Affected versions

v6.*

v6.3
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2024-38629-08c3b36f",
            "signature_type": "Line",
            "target": {
                "file": "drivers/dma/idxd/cdev.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "35808204441940178950107702996945361467",
                    "83058356822603836318398329549154969940",
                    "249896574688072956836426832224396318256",
                    "249787792502537396346078847897228342245"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9eb15f24a0b9b017b39cde8b8c07243676b63687"
        },
        {
            "id": "CVE-2024-38629-16f32624",
            "signature_type": "Function",
            "target": {
                "file": "drivers/dma/idxd/cdev.c",
                "function": "idxd_wq_del_cdev"
            },
            "deprecated": false,
            "digest": {
                "length": 199.0,
                "function_hash": "22026695206043148466054639686185958771"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9eb15f24a0b9b017b39cde8b8c07243676b63687"
        },
        {
            "id": "CVE-2024-38629-6c968b2d",
            "signature_type": "Line",
            "target": {
                "file": "drivers/dma/idxd/cdev.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "35808204441940178950107702996945361467",
                    "83058356822603836318398329549154969940",
                    "249896574688072956836426832224396318256",
                    "249787792502537396346078847897228342245"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15edb906211bf53e7b5574f7326ab734d6bff4f9"
        },
        {
            "id": "CVE-2024-38629-fb89b57d",
            "signature_type": "Function",
            "target": {
                "file": "drivers/dma/idxd/cdev.c",
                "function": "idxd_wq_del_cdev"
            },
            "deprecated": false,
            "digest": {
                "length": 199.0,
                "function_hash": "22026695206043148466054639686185958771"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15edb906211bf53e7b5574f7326ab734d6bff4f9"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.33
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.4