github - ghsa-xqvp-j58f-pjf5

ghsa-xqvp-j58f-pjf5

Vulnerability from github

Published

2024-04-17 12:32

Modified

2024-06-26 00:31

Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/srpt: Do not register event handler until srpt device is fully setup

Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port().

This seems to be because an event handler is registered before the srpt device is fully setup and a race condition upon error may leave a partially setup event handler in place.

Instead, only register the event handler after srpt device initialization is complete.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-26872"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T11:15:09Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Do not register event handler until srpt device is fully setup\n\nUpon rare occasions, KASAN reports a use-after-free Write\nin srpt_refresh_port().\n\nThis seems to be because an event handler is registered before the\nsrpt device is fully setup and a race condition upon error may leave a\npartially setup event handler in place.\n\nInstead, only register the event handler after srpt device initialization\nis complete.",
  "id": "GHSA-xqvp-j58f-pjf5",
  "modified": "2024-06-26T00:31:37Z",
  "published": "2024-04-17T12:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26872"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6413e78086caf7bf15639923740da0d91fdfd090"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7104a00fa37ae898a827381f1161fa3286c8b346"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85570b91e4820a0db9d9432098778cafafa7d217"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bdd895e0190c464f54f84579e7535d80276f0fc5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c21a8870c98611e8f892511825c9607f1e2cd456"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e362d007294955a4fb929e1c8978154a64efdcb6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec77fa12da41260c6bf9e060b89234b980c5130f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2024-26872

Vulnerability from cvelistv5

Published

2024-04-17 10:27

Modified

2024-11-05 09:17

Severity ?

Summary

RDMA/srpt: Do not register event handler until srpt device is fully setup

References

▼	URL	Tags
	https://git.kernel.org/stable/c/bdd895e0190c464f54f84579e7535d80276f0fc5
	https://git.kernel.org/stable/c/6413e78086caf7bf15639923740da0d91fdfd090
	https://git.kernel.org/stable/c/e362d007294955a4fb929e1c8978154a64efdcb6
	https://git.kernel.org/stable/c/85570b91e4820a0db9d9432098778cafafa7d217
	https://git.kernel.org/stable/c/7104a00fa37ae898a827381f1161fa3286c8b346
	https://git.kernel.org/stable/c/ec77fa12da41260c6bf9e060b89234b980c5130f
	https://git.kernel.org/stable/c/c21a8870c98611e8f892511825c9607f1e2cd456

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website