CVE-2024-50296 (GCVE-0-2024-50296)

Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2026-05-23 15:55
VLAI
Title
net: hns3: fix kernel crash when uninstalling driver
Summary
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, a kernel crash occurs. The reason is that the two actions call function pci_disable_sriov(). The num_VFs is checked to determine whether to release the corresponding resources. During the second calling, num_VFs is not 0 and the resource release function is called. However, the corresponding resource has been released during the first invoking. Therefore, the problem occurs: [15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ... [15278.131557][T50670] Call trace: [15278.134686][T50670] klist_put+0x28/0x12c [15278.138682][T50670] klist_del+0x14/0x20 [15278.142592][T50670] device_del+0xbc/0x3c0 [15278.146676][T50670] pci_remove_bus_device+0x84/0x120 [15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80 [15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c [15278.162485][T50670] sriov_disable+0x50/0x11c [15278.166829][T50670] pci_disable_sriov+0x24/0x30 [15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3] [15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge] [15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230 [15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30 [15278.193848][T50670] invoke_syscall+0x50/0x11c [15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164 [15278.203837][T50670] do_el0_svc+0x34/0xcc [15278.207834][T50670] el0_svc+0x20/0x30 For details, see the following figure. rmmod hclge disable VFs ---------------------------------------------------- hclge_exit() sriov_numvfs_store() ... device_lock() pci_disable_sriov() hns3_pci_sriov_configure() pci_disable_sriov() sriov_disable() sriov_disable() if !num_VFs : if !num_VFs : return; return; sriov_del_vfs() sriov_del_vfs() ... ... klist_put() klist_put() ... ... num_VFs = 0; num_VFs = 0; device_unlock(); In this patch, when driver is removing, we get the device_lock() to protect num_VFs, just like sriov_numvfs_store().
Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: b06ad258e01389ca3ff13bc180f3fcd6a608f1cd , < a0df055775f30850c0da8f7dab40d67c0fd63908 (git)
Affected: c4b64011e458aa2b246cd4e42012cfd83d2d9a5c , < 7ae4e56de7dbd0999578246a536cf52a63f4056d (git)
Affected: d36b15e3e7b5937cb1f6ac590a85facc3a320642 , < 590a4b2d4e0b73586e88bce9b8135b593355ec09 (git)
Affected: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 , < e36482b222e00cc7aeeea772fc0cf2943590bc4d (git)
Affected: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 , < 76b155e14d9b182ce83d32ada2d0d7219ea8c8dd (git)
Affected: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 , < 719edd9f3372ce7fb3b157647c6658672946874b (git)
Affected: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 , < b5c94e4d947d15d521e935ff10c5a22a7883dea5 (git)
Affected: 0dd8a25f355b4df2d41c08df1716340854c7d4c5 , < df3dff8ab6d79edc942464999d06fbaedf8cdd18 (git)
Affected: 9b5a29f0acefa3eb1dbe2fa302b393eeff64d933 (git)
Affected: 4.19.214 , < 4.19.324 (semver)
Affected: 5.4.156 , < 5.4.286 (semver)
Affected: 5.10.76 , < 5.10.230 (semver)
Affected: 5.14.15 , < 5.15 (semver)
Create a notification for this product.
Linux Linux Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 4.19.324 , ≤ 4.19.* (semver)
Unaffected: 5.4.286 , ≤ 5.4.* (semver)
Unaffected: 5.10.230 , ≤ 5.10.* (semver)
Unaffected: 5.15.172 , ≤ 5.15.* (semver)
Unaffected: 6.1.117 , ≤ 6.1.* (semver)
Unaffected: 6.6.61 , ≤ 6.6.* (semver)
Unaffected: 6.11.8 , ≤ 6.11.* (semver)
Unaffected: 6.12 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:14:08.140052Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:17:20.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:28:15.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/hisilicon/hns3/hnae3.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a0df055775f30850c0da8f7dab40d67c0fd63908",
              "status": "affected",
              "version": "b06ad258e01389ca3ff13bc180f3fcd6a608f1cd",
              "versionType": "git"
            },
            {
              "lessThan": "7ae4e56de7dbd0999578246a536cf52a63f4056d",
              "status": "affected",
              "version": "c4b64011e458aa2b246cd4e42012cfd83d2d9a5c",
              "versionType": "git"
            },
            {
              "lessThan": "590a4b2d4e0b73586e88bce9b8135b593355ec09",
              "status": "affected",
              "version": "d36b15e3e7b5937cb1f6ac590a85facc3a320642",
              "versionType": "git"
            },
            {
              "lessThan": "e36482b222e00cc7aeeea772fc0cf2943590bc4d",
              "status": "affected",
              "version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
              "versionType": "git"
            },
            {
              "lessThan": "76b155e14d9b182ce83d32ada2d0d7219ea8c8dd",
              "status": "affected",
              "version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
              "versionType": "git"
            },
            {
              "lessThan": "719edd9f3372ce7fb3b157647c6658672946874b",
              "status": "affected",
              "version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
              "versionType": "git"
            },
            {
              "lessThan": "b5c94e4d947d15d521e935ff10c5a22a7883dea5",
              "status": "affected",
              "version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
              "versionType": "git"
            },
            {
              "lessThan": "df3dff8ab6d79edc942464999d06fbaedf8cdd18",
              "status": "affected",
              "version": "0dd8a25f355b4df2d41c08df1716340854c7d4c5",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "9b5a29f0acefa3eb1dbe2fa302b393eeff64d933",
              "versionType": "git"
            },
            {
              "lessThan": "4.19.324",
              "status": "affected",
              "version": "4.19.214",
              "versionType": "semver"
            },
            {
              "lessThan": "5.4.286",
              "status": "affected",
              "version": "5.4.156",
              "versionType": "semver"
            },
            {
              "lessThan": "5.10.230",
              "status": "affected",
              "version": "5.10.76",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15",
              "status": "affected",
              "version": "5.14.15",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/hisilicon/hns3/hnae3.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "4.19.214",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "5.4.156",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "5.10.76",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.14.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when uninstalling driver\n\nWhen the driver is uninstalled and the VF is disabled concurrently, a\nkernel crash occurs. The reason is that the two actions call function\npci_disable_sriov(). The num_VFs is checked to determine whether to\nrelease the corresponding resources. During the second calling, num_VFs\nis not 0 and the resource release function is called. However, the\ncorresponding resource has been released during the first invoking.\nTherefore, the problem occurs:\n\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n...\n[15278.131557][T50670] Call trace:\n[15278.134686][T50670]  klist_put+0x28/0x12c\n[15278.138682][T50670]  klist_del+0x14/0x20\n[15278.142592][T50670]  device_del+0xbc/0x3c0\n[15278.146676][T50670]  pci_remove_bus_device+0x84/0x120\n[15278.151714][T50670]  pci_stop_and_remove_bus_device+0x6c/0x80\n[15278.157447][T50670]  pci_iov_remove_virtfn+0xb4/0x12c\n[15278.162485][T50670]  sriov_disable+0x50/0x11c\n[15278.166829][T50670]  pci_disable_sriov+0x24/0x30\n[15278.171433][T50670]  hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\n[15278.178039][T50670]  hclge_exit+0x28/0xd0 [hclge]\n[15278.182730][T50670]  __se_sys_delete_module.isra.0+0x164/0x230\n[15278.188550][T50670]  __arm64_sys_delete_module+0x1c/0x30\n[15278.193848][T50670]  invoke_syscall+0x50/0x11c\n[15278.198278][T50670]  el0_svc_common.constprop.0+0x158/0x164\n[15278.203837][T50670]  do_el0_svc+0x34/0xcc\n[15278.207834][T50670]  el0_svc+0x20/0x30\n\nFor details, see the following figure.\n\n     rmmod hclge              disable VFs\n----------------------------------------------------\nhclge_exit()            sriov_numvfs_store()\n  ...                     device_lock()\n  pci_disable_sriov()     hns3_pci_sriov_configure()\n                            pci_disable_sriov()\n                              sriov_disable()\n    sriov_disable()             if !num_VFs :\n      if !num_VFs :               return;\n        return;                 sriov_del_vfs()\n      sriov_del_vfs()             ...\n        ...                       klist_put()\n        klist_put()               ...\n        ...                     num_VFs = 0;\n      num_VFs = 0;        device_unlock();\n\nIn this patch, when driver is removing, we get the device_lock()\nto protect num_VFs, just like sriov_numvfs_store()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:55:00.827Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a0df055775f30850c0da8f7dab40d67c0fd63908"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ae4e56de7dbd0999578246a536cf52a63f4056d"
        },
        {
          "url": "https://git.kernel.org/stable/c/590a4b2d4e0b73586e88bce9b8135b593355ec09"
        },
        {
          "url": "https://git.kernel.org/stable/c/e36482b222e00cc7aeeea772fc0cf2943590bc4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/719edd9f3372ce7fb3b157647c6658672946874b"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5c94e4d947d15d521e935ff10c5a22a7883dea5"
        },
        {
          "url": "https://git.kernel.org/stable/c/df3dff8ab6d79edc942464999d06fbaedf8cdd18"
        }
      ],
      "title": "net: hns3: fix kernel crash when uninstalling driver",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50296",
    "datePublished": "2024-11-19T01:30:43.318Z",
    "dateReserved": "2024-10-21T19:36:19.986Z",
    "dateUpdated": "2026-05-23T15:55:00.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-50296",
      "date": "2026-06-10",
      "epss": "0.00022",
      "percentile": "0.06564"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.19.214\", \"versionEndExcluding\": \"4.19.324\", \"matchCriteriaId\": \"B33CD612-5C46-4533-B56E-D417DE841EF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.4.156\", \"versionEndExcluding\": \"5.4.286\", \"matchCriteriaId\": \"656DF1AE-5B75-445C-B2FF-373108E88FBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.10.76\", \"versionEndExcluding\": \"5.10.230\", \"matchCriteriaId\": \"72E8FC35-C1C2-4646-9D95-FED73ACF4904\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.14.15\", \"versionEndExcluding\": \"5.15\", \"matchCriteriaId\": \"19C2E641-B44A-468E-8696-41BED0CAF158\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.15\", \"versionEndExcluding\": \"5.15.172\", \"matchCriteriaId\": \"34401FB8-C1E9-4E82-8273-9E67507E64D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16\", \"versionEndExcluding\": \"6.1.117\", \"matchCriteriaId\": \"0DD7F755-2F6B-4707-8973-78496AD5AA8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2\", \"versionEndExcluding\": \"6.6.61\", \"matchCriteriaId\": \"630ED7EB-C97E-4435-B884-1E309E40D6F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.11.8\", \"matchCriteriaId\": \"0BD000F7-3DAD-4DD3-8906-98EA1EC67E95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F361E1D-580F-4A2D-A509-7615F73167A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F717D8-3014-4F84-8086-0124B2111379\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"24B88717-53F5-42AA-9B72-14C707639E3F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: hns3: fix kernel crash when uninstalling driver\\n\\nWhen the driver is uninstalled and the VF is disabled concurrently, a\\nkernel crash occurs. The reason is that the two actions call function\\npci_disable_sriov(). The num_VFs is checked to determine whether to\\nrelease the corresponding resources. During the second calling, num_VFs\\nis not 0 and the resource release function is called. However, the\\ncorresponding resource has been released during the first invoking.\\nTherefore, the problem occurs:\\n\\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\\n...\\n[15278.131557][T50670] Call trace:\\n[15278.134686][T50670]  klist_put+0x28/0x12c\\n[15278.138682][T50670]  klist_del+0x14/0x20\\n[15278.142592][T50670]  device_del+0xbc/0x3c0\\n[15278.146676][T50670]  pci_remove_bus_device+0x84/0x120\\n[15278.151714][T50670]  pci_stop_and_remove_bus_device+0x6c/0x80\\n[15278.157447][T50670]  pci_iov_remove_virtfn+0xb4/0x12c\\n[15278.162485][T50670]  sriov_disable+0x50/0x11c\\n[15278.166829][T50670]  pci_disable_sriov+0x24/0x30\\n[15278.171433][T50670]  hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\\n[15278.178039][T50670]  hclge_exit+0x28/0xd0 [hclge]\\n[15278.182730][T50670]  __se_sys_delete_module.isra.0+0x164/0x230\\n[15278.188550][T50670]  __arm64_sys_delete_module+0x1c/0x30\\n[15278.193848][T50670]  invoke_syscall+0x50/0x11c\\n[15278.198278][T50670]  el0_svc_common.constprop.0+0x158/0x164\\n[15278.203837][T50670]  do_el0_svc+0x34/0xcc\\n[15278.207834][T50670]  el0_svc+0x20/0x30\\n\\nFor details, see the following figure.\\n\\n     rmmod hclge              disable VFs\\n----------------------------------------------------\\nhclge_exit()            sriov_numvfs_store()\\n  ...                     device_lock()\\n  pci_disable_sriov()     hns3_pci_sriov_configure()\\n                            pci_disable_sriov()\\n                              sriov_disable()\\n    sriov_disable()             if !num_VFs :\\n      if !num_VFs :               return;\\n        return;                 sriov_del_vfs()\\n      sriov_del_vfs()             ...\\n        ...                       klist_put()\\n        klist_put()               ...\\n        ...                     num_VFs = 0;\\n      num_VFs = 0;        device_unlock();\\n\\nIn this patch, when driver is removing, we get the device_lock()\\nto protect num_VFs, just like sriov_numvfs_store().\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: se corrige el fallo del kernel al desinstalar el controlador Cuando se desinstala el controlador y se deshabilita el VF al mismo tiempo, se produce un fallo del kernel. La raz\\u00f3n es que las dos acciones llaman a la funci\\u00f3n pci_disable_sriov(). Se comprueba num_VFs para determinar si se deben liberar los recursos correspondientes. Durante la segunda llamada, num_VFs no es 0 y se llama a la funci\\u00f3n de liberaci\\u00f3n de recursos. Sin embargo, el recurso correspondiente se ha liberado durante la primera invocaci\\u00f3n. Por lo tanto, se produce el problema: [15277.839633][T50670] No se puede manejar la desreferencia del puntero NULL del n\\u00facleo en la direcci\\u00f3n virtual 0000000000000020 ... [15278.131557][T50670] Rastreo de llamadas: [15278.134686][T50670] klist_put+0x28/0x12c [15278.138682][T50670] klist_del+0x14/0x20 [15278.142592][T50670] device_del+0xbc/0x3c0 [15278.146676][T50670] pci_remove_bus_device+0x84/0x120 [15278.151714][T50670] pci_detener_y_eliminar_dispositivo_bus+0x6c/0x80 [15278.157447][T50670] pci_iov_eliminar_virtfn+0xb4/0x12c [15278.162485][T50670] sriov_deshabilitar+0x50/0x11c [15278.166829][T50670] pci_deshabilitar_sriov+0x24/0x30 [15278.171433][T50670] hnae3_anular_registro_ae_algo_prepare+0x60/0x90 [hnae3] [15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge] [15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230 [15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30 [15278.193848][T50670] invocar_syscall+0x50/0x11c [15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164 [15278.203837][T50670] do_el0_svc+0x34/0xcc [15278.207834][T50670] el0_svc+0x20/0x30 Para obtener m\\u00e1s detalles, consulte la siguiente figura. rmmod hclge deshabilitar VFs ---------------------------------------------------- hclge_exit() sriov_numvfs_store() ... device_lock() pci_disable_sriov() hns3_pci_sriov_configure() pci_disable_sriov() sriov_disable() sriov_disable() si !num_VFs: si !num_VFs: devolver; devolver; sriov_del_vfs() sriov_del_vfs() ... ... klist_put() klist_put() ... ... num_VFs = 0; num_VFs = 0; device_unlock(); En este parche, cuando se elimina el controlador, obtenemos device_lock() para proteger num_VFs, al igual que sriov_numvfs_store().\"}]",
      "id": "CVE-2024-50296",
      "lastModified": "2024-11-27T15:24:16.020",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-11-19T02:16:31.780",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/590a4b2d4e0b73586e88bce9b8135b593355ec09\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/719edd9f3372ce7fb3b157647c6658672946874b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/7ae4e56de7dbd0999578246a536cf52a63f4056d\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/a0df055775f30850c0da8f7dab40d67c0fd63908\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/b5c94e4d947d15d521e935ff10c5a22a7883dea5\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/df3dff8ab6d79edc942464999d06fbaedf8cdd18\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/e36482b222e00cc7aeeea772fc0cf2943590bc4d\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50296\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-19T02:16:31.780\",\"lastModified\":\"2025-11-03T23:17:12.273\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: hns3: fix kernel crash when uninstalling driver\\n\\nWhen the driver is uninstalled and the VF is disabled concurrently, a\\nkernel crash occurs. The reason is that the two actions call function\\npci_disable_sriov(). The num_VFs is checked to determine whether to\\nrelease the corresponding resources. During the second calling, num_VFs\\nis not 0 and the resource release function is called. However, the\\ncorresponding resource has been released during the first invoking.\\nTherefore, the problem occurs:\\n\\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\\n...\\n[15278.131557][T50670] Call trace:\\n[15278.134686][T50670]  klist_put+0x28/0x12c\\n[15278.138682][T50670]  klist_del+0x14/0x20\\n[15278.142592][T50670]  device_del+0xbc/0x3c0\\n[15278.146676][T50670]  pci_remove_bus_device+0x84/0x120\\n[15278.151714][T50670]  pci_stop_and_remove_bus_device+0x6c/0x80\\n[15278.157447][T50670]  pci_iov_remove_virtfn+0xb4/0x12c\\n[15278.162485][T50670]  sriov_disable+0x50/0x11c\\n[15278.166829][T50670]  pci_disable_sriov+0x24/0x30\\n[15278.171433][T50670]  hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\\n[15278.178039][T50670]  hclge_exit+0x28/0xd0 [hclge]\\n[15278.182730][T50670]  __se_sys_delete_module.isra.0+0x164/0x230\\n[15278.188550][T50670]  __arm64_sys_delete_module+0x1c/0x30\\n[15278.193848][T50670]  invoke_syscall+0x50/0x11c\\n[15278.198278][T50670]  el0_svc_common.constprop.0+0x158/0x164\\n[15278.203837][T50670]  do_el0_svc+0x34/0xcc\\n[15278.207834][T50670]  el0_svc+0x20/0x30\\n\\nFor details, see the following figure.\\n\\n     rmmod hclge              disable VFs\\n----------------------------------------------------\\nhclge_exit()            sriov_numvfs_store()\\n  ...                     device_lock()\\n  pci_disable_sriov()     hns3_pci_sriov_configure()\\n                            pci_disable_sriov()\\n                              sriov_disable()\\n    sriov_disable()             if !num_VFs :\\n      if !num_VFs :               return;\\n        return;                 sriov_del_vfs()\\n      sriov_del_vfs()             ...\\n        ...                       klist_put()\\n        klist_put()               ...\\n        ...                     num_VFs = 0;\\n      num_VFs = 0;        device_unlock();\\n\\nIn this patch, when driver is removing, we get the device_lock()\\nto protect num_VFs, just like sriov_numvfs_store().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: se corrige el fallo del kernel al desinstalar el controlador Cuando se desinstala el controlador y se deshabilita el VF al mismo tiempo, se produce un fallo del kernel. La raz\u00f3n es que las dos acciones llaman a la funci\u00f3n pci_disable_sriov(). Se comprueba num_VFs para determinar si se deben liberar los recursos correspondientes. Durante la segunda llamada, num_VFs no es 0 y se llama a la funci\u00f3n de liberaci\u00f3n de recursos. Sin embargo, el recurso correspondiente se ha liberado durante la primera invocaci\u00f3n. Por lo tanto, se produce el problema: [15277.839633][T50670] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000020 ... [15278.131557][T50670] Rastreo de llamadas: [15278.134686][T50670] klist_put+0x28/0x12c [15278.138682][T50670] klist_del+0x14/0x20 [15278.142592][T50670] device_del+0xbc/0x3c0 [15278.146676][T50670] pci_remove_bus_device+0x84/0x120 [15278.151714][T50670] pci_detener_y_eliminar_dispositivo_bus+0x6c/0x80 [15278.157447][T50670] pci_iov_eliminar_virtfn+0xb4/0x12c [15278.162485][T50670] sriov_deshabilitar+0x50/0x11c [15278.166829][T50670] pci_deshabilitar_sriov+0x24/0x30 [15278.171433][T50670] hnae3_anular_registro_ae_algo_prepare+0x60/0x90 [hnae3] [15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge] [15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230 [15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30 [15278.193848][T50670] invocar_syscall+0x50/0x11c [15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164 [15278.203837][T50670] do_el0_svc+0x34/0xcc [15278.207834][T50670] el0_svc+0x20/0x30 Para obtener m\u00e1s detalles, consulte la siguiente figura. rmmod hclge deshabilitar VFs ---------------------------------------------------- hclge_exit() sriov_numvfs_store() ... device_lock() pci_disable_sriov() hns3_pci_sriov_configure() pci_disable_sriov() sriov_disable() sriov_disable() si !num_VFs: si !num_VFs: devolver; devolver; sriov_del_vfs() sriov_del_vfs() ... ... klist_put() klist_put() ... ... num_VFs = 0; num_VFs = 0; device_unlock(); En este parche, cuando se elimina el controlador, obtenemos device_lock() para proteger num_VFs, al igual que sriov_numvfs_store().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.214\",\"versionEndExcluding\":\"4.19.324\",\"matchCriteriaId\":\"B33CD612-5C46-4533-B56E-D417DE841EF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.156\",\"versionEndExcluding\":\"5.4.286\",\"matchCriteriaId\":\"656DF1AE-5B75-445C-B2FF-373108E88FBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.76\",\"versionEndExcluding\":\"5.10.230\",\"matchCriteriaId\":\"72E8FC35-C1C2-4646-9D95-FED73ACF4904\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.14.15\",\"versionEndExcluding\":\"5.15\",\"matchCriteriaId\":\"19C2E641-B44A-468E-8696-41BED0CAF158\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15\",\"versionEndExcluding\":\"5.15.172\",\"matchCriteriaId\":\"34401FB8-C1E9-4E82-8273-9E67507E64D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.117\",\"matchCriteriaId\":\"0DD7F755-2F6B-4707-8973-78496AD5AA8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.61\",\"matchCriteriaId\":\"630ED7EB-C97E-4435-B884-1E309E40D6F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.8\",\"matchCriteriaId\":\"0BD000F7-3DAD-4DD3-8906-98EA1EC67E95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B88717-53F5-42AA-9B72-14C707639E3F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/590a4b2d4e0b73586e88bce9b8135b593355ec09\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/719edd9f3372ce7fb3b157647c6658672946874b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7ae4e56de7dbd0999578246a536cf52a63f4056d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a0df055775f30850c0da8f7dab40d67c0fd63908\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b5c94e4d947d15d521e935ff10c5a22a7883dea5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/df3dff8ab6d79edc942464999d06fbaedf8cdd18\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e36482b222e00cc7aeeea772fc0cf2943590bc4d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-50296\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T20:14:08.140052Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476 NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T15:27:40.968Z\"}}], \"cna\": {\"title\": \"net: hns3: fix kernel crash when uninstalling driver\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"b06ad258e01389ca3ff13bc180f3fcd6a608f1cd\", \"lessThan\": \"a0df055775f30850c0da8f7dab40d67c0fd63908\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c4b64011e458aa2b246cd4e42012cfd83d2d9a5c\", \"lessThan\": \"7ae4e56de7dbd0999578246a536cf52a63f4056d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d36b15e3e7b5937cb1f6ac590a85facc3a320642\", \"lessThan\": \"590a4b2d4e0b73586e88bce9b8135b593355ec09\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0dd8a25f355b4df2d41c08df1716340854c7d4c5\", \"lessThan\": \"e36482b222e00cc7aeeea772fc0cf2943590bc4d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0dd8a25f355b4df2d41c08df1716340854c7d4c5\", \"lessThan\": \"76b155e14d9b182ce83d32ada2d0d7219ea8c8dd\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0dd8a25f355b4df2d41c08df1716340854c7d4c5\", \"lessThan\": \"719edd9f3372ce7fb3b157647c6658672946874b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0dd8a25f355b4df2d41c08df1716340854c7d4c5\", \"lessThan\": \"b5c94e4d947d15d521e935ff10c5a22a7883dea5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0dd8a25f355b4df2d41c08df1716340854c7d4c5\", \"lessThan\": \"df3dff8ab6d79edc942464999d06fbaedf8cdd18\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"9b5a29f0acefa3eb1dbe2fa302b393eeff64d933\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/ethernet/hisilicon/hns3/hnae3.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.15\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.15\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.324\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.286\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.230\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.172\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.117\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.61\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11.8\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.11.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/ethernet/hisilicon/hns3/hnae3.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/a0df055775f30850c0da8f7dab40d67c0fd63908\"}, {\"url\": \"https://git.kernel.org/stable/c/7ae4e56de7dbd0999578246a536cf52a63f4056d\"}, {\"url\": \"https://git.kernel.org/stable/c/590a4b2d4e0b73586e88bce9b8135b593355ec09\"}, {\"url\": \"https://git.kernel.org/stable/c/e36482b222e00cc7aeeea772fc0cf2943590bc4d\"}, {\"url\": \"https://git.kernel.org/stable/c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd\"}, {\"url\": \"https://git.kernel.org/stable/c/719edd9f3372ce7fb3b157647c6658672946874b\"}, {\"url\": \"https://git.kernel.org/stable/c/b5c94e4d947d15d521e935ff10c5a22a7883dea5\"}, {\"url\": \"https://git.kernel.org/stable/c/df3dff8ab6d79edc942464999d06fbaedf8cdd18\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: hns3: fix kernel crash when uninstalling driver\\n\\nWhen the driver is uninstalled and the VF is disabled concurrently, a\\nkernel crash occurs. The reason is that the two actions call function\\npci_disable_sriov(). The num_VFs is checked to determine whether to\\nrelease the corresponding resources. During the second calling, num_VFs\\nis not 0 and the resource release function is called. However, the\\ncorresponding resource has been released during the first invoking.\\nTherefore, the problem occurs:\\n\\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\\n...\\n[15278.131557][T50670] Call trace:\\n[15278.134686][T50670]  klist_put+0x28/0x12c\\n[15278.138682][T50670]  klist_del+0x14/0x20\\n[15278.142592][T50670]  device_del+0xbc/0x3c0\\n[15278.146676][T50670]  pci_remove_bus_device+0x84/0x120\\n[15278.151714][T50670]  pci_stop_and_remove_bus_device+0x6c/0x80\\n[15278.157447][T50670]  pci_iov_remove_virtfn+0xb4/0x12c\\n[15278.162485][T50670]  sriov_disable+0x50/0x11c\\n[15278.166829][T50670]  pci_disable_sriov+0x24/0x30\\n[15278.171433][T50670]  hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\\n[15278.178039][T50670]  hclge_exit+0x28/0xd0 [hclge]\\n[15278.182730][T50670]  __se_sys_delete_module.isra.0+0x164/0x230\\n[15278.188550][T50670]  __arm64_sys_delete_module+0x1c/0x30\\n[15278.193848][T50670]  invoke_syscall+0x50/0x11c\\n[15278.198278][T50670]  el0_svc_common.constprop.0+0x158/0x164\\n[15278.203837][T50670]  do_el0_svc+0x34/0xcc\\n[15278.207834][T50670]  el0_svc+0x20/0x30\\n\\nFor details, see the following figure.\\n\\n     rmmod hclge              disable VFs\\n----------------------------------------------------\\nhclge_exit()            sriov_numvfs_store()\\n  ...                     device_lock()\\n  pci_disable_sriov()     hns3_pci_sriov_configure()\\n                            pci_disable_sriov()\\n                              sriov_disable()\\n    sriov_disable()             if !num_VFs :\\n      if !num_VFs :               return;\\n        return;                 sriov_del_vfs()\\n      sriov_del_vfs()             ...\\n        ...                       klist_put()\\n        klist_put()               ...\\n        ...                     num_VFs = 0;\\n      num_VFs = 0;        device_unlock();\\n\\nIn this patch, when driver is removing, we get the device_lock()\\nto protect num_VFs, just like sriov_numvfs_store().\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.324\", \"versionStartIncluding\": \"4.19.214\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.286\", \"versionStartIncluding\": \"5.4.156\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.230\", \"versionStartIncluding\": \"5.10.76\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.172\", \"versionStartIncluding\": \"5.15\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.117\", \"versionStartIncluding\": \"5.15\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.61\", \"versionStartIncluding\": \"5.15\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.11.8\", \"versionStartIncluding\": \"5.15\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12\", \"versionStartIncluding\": \"5.15\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"5.14.15\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T13:00:12.984Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-50296\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-01T20:17:20.512Z\", \"dateReserved\": \"2024-10-21T19:36:19.986Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-11-19T01:30:43.318Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.