CVE-2024-39478

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the crypto starfive module in the Linux kernel, where a variable length buffer allocated in the software stack for RSA text data is freed, causing undefined behavior in subsequent operations. This is due to the function starfive rsa enc core() in the module drivers/crypto/starfive/jh7110-rsa.c, which is associated with the reuse of previously freed memory. Exploitation of this issue may allow an attacker to impact the availability of protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.