CVE-2024-47730
CVE-2024-47730 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: "crypto: hisilicon/qm - inject error before stopping queue". The master ooo cannot be completely closed when the accelerator core reports a memory error. Therefore, the driver needs to inject the qm error to close the master ooo. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: hisilicon/qm - inject error before stopping queue

The master ooo cannot be completely closed when the accelerator core reports a memory error. Therefore, the driver needs to inject the qm error to close the master ooo. Currently, the qm error is injected after stopping the queue. Memory may be released immediately after the queue is stopped, causing the device to access the released memory. Therefore, the error is injected to close the master ooo before stopping the queue, to ensure that the device does not access the released memory.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 11.0 |
| Linux | Linux Kernel | >= 5.8, < 5.10.235 |
| Linux | Linux Kernel | >= 5.11, < 5.15.174 |
| Linux | Linux Kernel | >= 5.16, < 6.1.113 |
| Linux | Linux Kernel | >= 6.2, < 6.6.54 |
| Linux | Linux Kernel | >= 6.7, < 6.10.13 |
| Linux | Linux Kernel | >= 6.11, < 6.11.2 |
References
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html (Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html (Mailing List, Third Party Advisory)
Timeline
- Status: Analyzed
Source: NVD / NIST
