In the Linux kernel, the following vulnerability has been resolved:
crypto: iaa - Fix potential use after free bug
The free_device_compression_mode(iaa_device, device_mode) function frees "device_mode" but it is passed to iaa_compression_modes[i]->free() a few lines later resulting in a use after free.
The good news is that, so far as I can tell, nothing implements the ->free() function and the use after free happens in dead code. But, with this fix, when something does implement it, we'll be ready. :)
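The ordering problem described above, as an added userspace model that is not the kernel's code or the patch itself: the per-mode hook runs while `device_mode` is still live, and only then is the object freed. The struct layouts, `demo_mode_free`, `alloc_device_mode` and `remove_device_mode` are hypothetical names for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model only: struct layouts and bodies are assumptions. */
struct device_mode { char name[16]; };

struct compression_mode {
    const char *name;
    void (*free)(struct device_mode *dm);   /* optional per-mode hook */
};

static char last_seen[16];   /* what the hook read from device_mode */
static int hook_calls;

/* Hypothetical ->free() implementation: it dereferences device_mode. */
static void demo_mode_free(struct device_mode *dm)
{
    memcpy(last_seen, dm->name, sizeof(last_seen));
    hook_calls++;
}

static struct device_mode *alloc_device_mode(const char *name)
{
    struct device_mode *dm = calloc(1, sizeof(*dm));
    if (dm)
        strncpy(dm->name, name, sizeof(dm->name) - 1);
    return dm;
}

/* Fixed ordering: run the hook while device_mode is live, then free it.
 * The buggy ordering freed dm first and then called mode->free(dm). */
static int remove_device_mode(const struct compression_mode *mode,
                              struct device_mode **slot)
{
    struct device_mode *dm = *slot;
    if (!dm)
        return 0;
    if (mode->free)
        mode->free(dm);
    free(dm);          /* stands in for free_device_compression_mode() */
    *slot = NULL;      /* no stale pointer is left behind */
    return 1;
}

int main(void)
{
    struct compression_mode mode = { "fixed", demo_mode_free };
    struct device_mode *dm = alloc_device_mode(mode.name);
    return remove_device_mode(&mode, &dm) == 1 ? 0 : 1;
}
```

Building the model with `-fsanitize=address` and swapping the two calls in `remove_device_mode` makes the sanitizer report the read inside the hook, which is the case the commit message says becomes reachable once something implements `->free()`.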
[
{
"id": "CVE-2024-47732-20e2f127",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"177312369075386143677566037082587848809",
"287359442163908821158078489176969192025",
"39796294603421072991248858842485241326",
"206619457975511721006435271144521440277",
"93291892645690229706772011702965071486",
"270800267658261031163915605258241987750",
"262880001842512283912064190916488250722"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9",
"target": {
"file": "drivers/crypto/intel/iaa/iaa_crypto_main.c"
}
},
{
"id": "CVE-2024-47732-5a243815",
"signature_version": "v1",
"digest": {
"function_hash": "242967968174595690310622193180982601180",
"length": 356.0
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209",
"target": {
"file": "drivers/crypto/intel/iaa/iaa_crypto_main.c",
"function": "remove_device_compression_modes"
}
},
{
"id": "CVE-2024-47732-7dad4a56",
"signature_version": "v1",
"digest": {
"function_hash": "242967968174595690310622193180982601180",
"length": 356.0
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c66f0be993ba52410edab06124c54ecf143b05c1",
"target": {
"file": "drivers/crypto/intel/iaa/iaa_crypto_main.c",
"function": "remove_device_compression_modes"
}
},
{
"id": "CVE-2024-47732-c2c39500",
"signature_version": "v1",
"digest": {
"function_hash": "242967968174595690310622193180982601180",
"length": 356.0
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9",
"target": {
"file": "drivers/crypto/intel/iaa/iaa_crypto_main.c",
"function": "remove_device_compression_modes"
}
},
{
"id": "CVE-2024-47732-f0261845",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"177312369075386143677566037082587848809",
"287359442163908821158078489176969192025",
"39796294603421072991248858842485241326",
"206619457975511721006435271144521440277",
"93291892645690229706772011702965071486",
"270800267658261031163915605258241987750",
"262880001842512283912064190916488250722"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c66f0be993ba52410edab06124c54ecf143b05c1",
"target": {
"file": "drivers/crypto/intel/iaa/iaa_crypto_main.c"
}
},
{
"id": "CVE-2024-47732-f600eb13",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"177312369075386143677566037082587848809",
"287359442163908821158078489176969192025",
"39796294603421072991248858842485241326",
"206619457975511721006435271144521440277",
"93291892645690229706772011702965071486",
"270800267658261031163915605258241987750",
"262880001842512283912064190916488250722"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209",
"target": {
"file": "drivers/crypto/intel/iaa/iaa_crypto_main.c"
}
}
]