CVE-2024-49981

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-49981
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49981.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-49981
Downstream
Related
Published
2024-10-21T18:02:27.142Z
Modified
2026-05-15T11:53:59.100060572Z
Summary
media: venus: fix use after free bug in venus_remove due to race condition
Details

In the Linux kernel, the following vulnerability has been resolved:

media: venus: fix use after free bug in venus_remove due to race condition

in venusprobe, core->work is bound with venussyserrorhandler, which is used to handle error. The code use core->syserrdone to make sync work. The core->work is started in venuseventnotify.

If we call venus_remove, there might be an unfished work. The possible sequence is as follows:

CPU0 CPU1

                 |venus_sys_error_handler

venusremove | hfidestroy | venushfidestroy | kfree(hdev); | |hfireinit |venushfiqueuesreinit |//use hdev

Fix it by canceling the work in venus_remove.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49981.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.13.0
Fixed
4.19.323
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.285
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.227
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.168
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.113
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.55
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.14
Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.11.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49981.json"