CVE-2024-56714 (GCVE-0-2024-56714)

Vulnerability from cvelistv5 – Published: 2024-12-29 08:48 – Updated: 2025-05-04 10:03
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved: ionic: no double destroy workqueue There are some FW error handling paths that can cause us to try to destroy the workqueue more than once, so let's be sure we're checking for that. The case where this popped up was in an AER event where the handlers got called in such a way that ionic_reset_prepare() and thus ionic_dev_teardown() got called twice in a row. The second time through the workqueue was already destroyed, and destroy_workqueue() choked on the bad wq pointer. We didn't hit this in AER handler testing before because at that time we weren't using a private workqueue. Later we replaced the use of the system workqueue with our own private workqueue but hadn't rerun the AER handler testing since then.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 9e25450da7006cd6f425248a5b38dad4adb3c981 , < 13355dd37e22edbcb99c599f783233188740a650 (git)
Affected: 9e25450da7006cd6f425248a5b38dad4adb3c981 , < 746e6ae2e202b062b9deee7bd86d94937997ecd7 (git)
Create a notification for this product.
    Linux Linux Affected: 6.11
Unaffected: 0 , < 6.11 (semver)
Unaffected: 6.12.7 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/pensando/ionic/ionic_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "13355dd37e22edbcb99c599f783233188740a650",
              "status": "affected",
              "version": "9e25450da7006cd6f425248a5b38dad4adb3c981",
              "versionType": "git"
            },
            {
              "lessThan": "746e6ae2e202b062b9deee7bd86d94937997ecd7",
              "status": "affected",
              "version": "9e25450da7006cd6f425248a5b38dad4adb3c981",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/pensando/ionic/ionic_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.7",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "6.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: no double destroy workqueue\n\nThere are some FW error handling paths that can cause us to\ntry to destroy the workqueue more than once, so let\u0027s be sure\nwe\u0027re checking for that.\n\nThe case where this popped up was in an AER event where the\nhandlers got called in such a way that ionic_reset_prepare()\nand thus ionic_dev_teardown() got called twice in a row.\nThe second time through the workqueue was already destroyed,\nand destroy_workqueue() choked on the bad wq pointer.\n\nWe didn\u0027t hit this in AER handler testing before because at\nthat time we weren\u0027t using a private workqueue.  Later we\nreplaced the use of the system workqueue with our own private\nworkqueue but hadn\u0027t rerun the AER handler testing since then."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:03:09.612Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/13355dd37e22edbcb99c599f783233188740a650"
        },
        {
          "url": "https://git.kernel.org/stable/c/746e6ae2e202b062b9deee7bd86d94937997ecd7"
        }
      ],
      "title": "ionic: no double destroy workqueue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56714",
    "datePublished": "2024-12-29T08:48:47.681Z",
    "dateReserved": "2024-12-27T15:00:39.857Z",
    "dateUpdated": "2025-05-04T10:03:09.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nionic: no double destroy workqueue\\n\\nThere are some FW error handling paths that can cause us to\\ntry to destroy the workqueue more than once, so let\u0027s be sure\\nwe\u0027re checking for that.\\n\\nThe case where this popped up was in an AER event where the\\nhandlers got called in such a way that ionic_reset_prepare()\\nand thus ionic_dev_teardown() got called twice in a row.\\nThe second time through the workqueue was already destroyed,\\nand destroy_workqueue() choked on the bad wq pointer.\\n\\nWe didn\u0027t hit this in AER handler testing before because at\\nthat time we weren\u0027t using a private workqueue.  Later we\\nreplaced the use of the system workqueue with our own private\\nworkqueue but hadn\u0027t rerun the AER handler testing since then.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ionic: no double destroy workqueue Hay algunas rutas de gesti\\u00f3n de errores de FW que pueden hacer que intentemos destruir la cola de trabajo m\\u00e1s de una vez, as\\u00ed que asegur\\u00e9monos de que estamos comprobando eso. El caso en el que esto apareci\\u00f3 fue en un evento AER donde los controladores fueron llamados de tal manera que ionic_reset_prepare() y, por lo tanto, ionic_dev_teardown() fueron llamados dos veces seguidas. La segunda vez, la cola de trabajo ya estaba destruida y destroy_workqueue() se ahog\\u00f3 en el puntero wq defectuoso. No nos topamos con esto en las pruebas del controlador AER antes porque en ese momento no est\\u00e1bamos usando una cola de trabajo privada. M\\u00e1s tarde reemplazamos el uso de la cola de trabajo del sistema con nuestra propia cola de trabajo privada, pero no hab\\u00edamos vuelto a ejecutar la prueba del controlador AER desde entonces.\"}]",
      "id": "CVE-2024-56714",
      "lastModified": "2024-12-29T09:15:06.510",
      "published": "2024-12-29T09:15:06.510",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/13355dd37e22edbcb99c599f783233188740a650\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/746e6ae2e202b062b9deee7bd86d94937997ecd7\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-56714\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-29T09:15:06.510\",\"lastModified\":\"2025-10-15T17:42:17.180\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nionic: no double destroy workqueue\\n\\nThere are some FW error handling paths that can cause us to\\ntry to destroy the workqueue more than once, so let\u0027s be sure\\nwe\u0027re checking for that.\\n\\nThe case where this popped up was in an AER event where the\\nhandlers got called in such a way that ionic_reset_prepare()\\nand thus ionic_dev_teardown() got called twice in a row.\\nThe second time through the workqueue was already destroyed,\\nand destroy_workqueue() choked on the bad wq pointer.\\n\\nWe didn\u0027t hit this in AER handler testing before because at\\nthat time we weren\u0027t using a private workqueue.  Later we\\nreplaced the use of the system workqueue with our own private\\nworkqueue but hadn\u0027t rerun the AER handler testing since then.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ionic: no double destroy workqueue Hay algunas rutas de gesti\u00f3n de errores de FW que pueden hacer que intentemos destruir la cola de trabajo m\u00e1s de una vez, as\u00ed que asegur\u00e9monos de que estamos comprobando eso. El caso en el que esto apareci\u00f3 fue en un evento AER donde los controladores fueron llamados de tal manera que ionic_reset_prepare() y, por lo tanto, ionic_dev_teardown() fueron llamados dos veces seguidas. La segunda vez, la cola de trabajo ya estaba destruida y destroy_workqueue() se ahog\u00f3 en el puntero wq defectuoso. No nos topamos con esto en las pruebas del controlador AER antes porque en ese momento no est\u00e1bamos usando una cola de trabajo privada. M\u00e1s tarde reemplazamos el uso de la cola de trabajo del sistema con nuestra propia cola de trabajo privada, pero no hab\u00edamos vuelto a ejecutar la prueba del controlador AER desde entonces.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.11\",\"versionEndExcluding\":\"6.12.7\",\"matchCriteriaId\":\"6ACCAC21-7ECC-4FBC-A3F6-FD71065601D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A073481-106D-4B15-B4C7-FB0213B8E1D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE491969-75AE-4A6B-9A58-8FC5AF98798F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/13355dd37e22edbcb99c599f783233188740a650\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/746e6ae2e202b062b9deee7bd86d94937997ecd7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.