CVE-2024-38385

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38385
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38385.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-38385
Downstream
Related
Published
2024-06-25T14:22:37Z
Modified
2025-10-17T06:51:44.072558Z
Summary
genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()
Details

In the Linux kernel, the following vulnerability has been resolved:

genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()

irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the descriptor can be freed between mt_find() and the dereference:

CPU0                            CPU1
desc = mt_find()
                                delayed_free_desc(desc)
irq_desc_get_irq(desc)

The use-after-free is reported by KASAN:

Call trace:
 irq_get_next_irq+0x58/0x84
 show_stat+0x638/0x824
 seq_read_iter+0x158/0x4ec
 proc_reg_read_iter+0x94/0x12c
 vfs_read+0x1e0/0x2c8

Freed by task 4471:
 slab_free_freelist_hook+0x174/0x1e0
 __kmem_cache_free+0xa4/0x1dc
 kfree+0x64/0x128
 irq_kobj_release+0x28/0x3c
 kobject_put+0xcc/0x1e0
 delayed_free_desc+0x14/0x2c
 rcu_do_batch+0x214/0x720

Guard the access with an RCU read lock section.
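The window described above, as an added single-threaded C model (not kernel code and not part of the advisory). It assumes a constructed descriptor table, a reader counter standing in for RCU read-side sections, and a POISON marker standing in for freed memory; `pool`, `table`, `pending`, `readers`, `race_irq` and the `model_*` helpers are hypothetical names.

```c
#include <stdio.h>

/* Model only: every name here except struct irq_desc is hypothetical. */
#define NR_IRQS 4
#define POISON  0xDEADu   /* constructed marker: descriptor memory was released */

struct irq_desc { unsigned int irq; };

static struct irq_desc pool[NR_IRQS], *table[NR_IRQS]; /* table models sparse_irqs */
static struct irq_desc *pending;  /* removed, waiting for readers to leave */
static int readers;               /* active read-side sections (models RCU) */

static void setup(void)
{
	pending = NULL; readers = 0;
	for (unsigned int i = 0; i < NR_IRQS; i++) { pool[i].irq = i; table[i] = &pool[i]; }
}
static void model_read_lock(void) { readers++; }
static void model_read_unlock(void)
{
	if (--readers == 0 && pending) { pending->irq = POISON; pending = NULL; }
}
/* Models CPU1: unpublish, then release now or defer until readers are done. */
static void remove_desc(unsigned int irq)
{
	struct irq_desc *d = table[irq];
	table[irq] = NULL;
	if (d && readers) pending = d;
	else if (d) d->irq = POISON;
}
static struct irq_desc *lookup(unsigned int from)   /* models mt_find() */
{
	for (unsigned int i = from; i < NR_IRQS; i++)
		if (table[i]) return table[i];
	return NULL;
}
/* guarded == 0: the pre-fix shape; guarded == 1: lookup and dereference in one section */
static unsigned int find_at_or_after(unsigned int from, unsigned int race_irq, int guarded)
{
	if (guarded) model_read_lock();
	struct irq_desc *d = lookup(from);
	remove_desc(race_irq);                        /* CPU1 runs in the window */
	unsigned int irq = d ? d->irq : NR_IRQS;      /* models irq_desc_get_irq() */
	if (guarded) model_read_unlock();
	return irq;
}
int main(void)
{
	setup(); printf("unguarded: %#x\n", find_at_or_after(1, 1, 0));
	setup(); printf("guarded:   %u\n", find_at_or_after(1, 1, 1));
	return 0;
}
```

In the guarded call the release still happens, but only after the reader has left its section, which is the ordering the RCU read lock provides in the fix.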

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
721255b9826bd11c7a38b585905fc2dd0fb94e52
Fixed
1c7891812d85500ae2ca4051fa5683fcf29930d8
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
721255b9826bd11c7a38b585905fc2dd0fb94e52
Fixed
d084aa022f84319f8079e30882cbcbc026af9f21
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
721255b9826bd11c7a38b585905fc2dd0fb94e52
Fixed
b84a8aba806261d2f759ccedf4a2a6a80a5e55ba

Affected versions

v6.*

v6.4
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4

Database specific

vanir_signatures


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.5.0
Fixed
6.6.34
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.5