CVE-2024-49981

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58

Description The issue is related to a use after free bug in the venus remove function due to a race condition. This bug can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability is caused by the core->work being bound with venus sys error handler in venus probe, and the code using core->sys err done to make sync work. The core->work is started in venus event notify. If venus remove is called, there might be an unfinished work, leading to a possible sequence where the hdev is used after being freed.

Recommendations For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the venus remove function until a patch is available. Restrict access to the vulnerable venus sys error handler function to minimize the risk of exploitation. Avoid using the core->work in the affected venus probe function until the issue is resolved.