CVE-2024-47748
- Source
- https://cve.org/CVERecord?id=CVE-2024-47748
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47748.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-47748
- Downstream
- Related
- Published
- 2024-10-21T12:14:14.448Z
- Modified
- 2026-03-20T12:39:15.009838Z
- Summary
- vhost_vdpa: assign irq bypass producer token correctly
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
vhost_vdpa: assign irq bypass producer token correctly
We used to call irqbypassunregisterproducer() in vhostvdpasetupvq_irq() which is problematic as we don't know if the token pointer is still valid or not.
Actually, we use the eventfdctx as the token so the life cycle of the token should be bound to the VHOSTSETVRINGCALL instead of vhostvdpasetupvqirq() which could be called by set_status().
Fixing this by setting up irq bypass producer's token when handling VHOSTSETVRINGCALL and un-registering the producer before calling vhostvringioctl() to prevent a possible use after free as eventfd could have been released in vhostvringioctl(). And such registering and unregistering will only be done if DRIVEROK is set.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47748.json" }- References
-
- https://git.kernel.org/stable/c/02e9e9366fefe461719da5d173385b6685f70319
- https://git.kernel.org/stable/c/0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0
- https://git.kernel.org/stable/c/7cf2fb51175cafe01df8c43fa15a06194a59c6e2
- https://git.kernel.org/stable/c/927a2580208e0f9b0b47b08f1c802b7233a7ba3c
- https://git.kernel.org/stable/c/ca64edd7ae93402af2596a952e0d94d545e2b9c0
- https://git.kernel.org/stable/c/ec5f1b54ceb23475049ada6e7a43452cf4df88d1
- https://git.kernel.org/stable/c/fae9b1776f53aab93ab345bdbf653b991aed717d
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47748.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-47748
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60Fixed0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0Fixed927a2580208e0f9b0b47b08f1c802b7233a7ba3cFixedec5f1b54ceb23475049ada6e7a43452cf4df88d1Fixedca64edd7ae93402af2596a952e0d94d545e2b9c0Fixedfae9b1776f53aab93ab345bdbf653b991aed717dFixed7cf2fb51175cafe01df8c43fa15a06194a59c6e2Fixed02e9e9366fefe461719da5d173385b6685f70319