CVE-2024-47732
- Source
- https://cve.org/CVERecord?id=CVE-2024-47732
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47732.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-47732
- Downstream
- Related
- Published
- 2024-10-21T12:14:03.863Z
- Modified
- 2026-03-20T12:39:13.485622Z
- Summary
- crypto: iaa - Fix potential use after free bug
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
crypto: iaa - Fix potential use after free bug
The freedevicecompressionmode(iaadevice, devicemode) function frees "devicemode" but it iss passed to iaacompressionmodes[i]->free() a few lines later resulting in a use after free.
The good news is that, so far as I can tell, nothing implements the ->free() function and the use after free happens in dead code. But, with this fix, when something does implement it, we'll be ready. :)
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47732.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/b5d534b473e2c8d3e4560be2dd6c12a8eb9d61e9
- https://git.kernel.org/stable/c/c66f0be993ba52410edab06124c54ecf143b05c1
- https://git.kernel.org/stable/c/e0d3b845a1b10b7b5abdad7ecc69d45b2aab3209
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47732.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-47732
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git