ГлавнаяУязвимости → CVE-2024-40956
7.8высокая

CVE-2024-40956

→ есть в БДУ: BDU:2024-08302 (на русском)
Описание (на английском; русское — в БДУ выше)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed via idxd_desc_complete() and there's a slight chance may cause issue for the list iterator when the descriptor is reused by another thread without it being deleted from the list.

Затрагиваемое ПО
Linux Linux kernel
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309ddhttps://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd