CVE-2024-53068

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-53068
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53068.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53068
Published
2024-11-19T18:15:26Z
Modified
2025-08-09T20:01:25Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()

The scmi_dev->name is released prematurely in __scmi_device_destroy(), which causes slab-use-after-free when accessing scmi_dev->name in scmi_bus_notifier(). So move the release of scmi_dev->name to scmi_device_release() to avoid slab-use-after-free.

| BUG: KASAN: slab-use-after-free in strncmp+0xe4/0xec
| Read of size 1 at addr ffffff80a482bcc0 by task swapper/0/1
|
| CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.6.38-debug #1
| Hardware name: Qualcomm Technologies, Inc. SA8775P Ride (DT)
| Call trace:
|  dump_backtrace+0x94/0x114
|  show_stack+0x18/0x24
|  dump_stack_lvl+0x48/0x60
|  print_report+0xf4/0x5b0
|  kasan_report+0xa4/0xec
|  __asan_report_load1_noabort+0x20/0x2c
|  strncmp+0xe4/0xec
|  scmi_bus_notifier+0x5c/0x54c
|  notifier_call_chain+0xb4/0x31c
|  blocking_notifier_call_chain+0x68/0x9c
|  bus_notify+0x54/0x78
|  device_del+0x1bc/0x840
|  device_unregister+0x20/0xb4
|  __scmi_device_destroy+0xac/0x280
|  scmi_device_destroy+0x94/0xd0
|  scmi_chan_setup+0x524/0x750
|  scmi_probe+0x7fc/0x1508
|  platform_probe+0xc4/0x19c
|  really_probe+0x32c/0x99c
|  __driver_probe_device+0x15c/0x3c4
|  driver_probe_device+0x5c/0x170
|  __driver_attach+0x1c8/0x440
|  bus_for_each_dev+0xf4/0x178
|  driver_attach+0x3c/0x58
|  bus_add_driver+0x234/0x4d4
|  driver_register+0xf4/0x3c0
|  __platform_driver_register+0x60/0x88
|  scmi_driver_init+0xb0/0x104
|  do_one_initcall+0xb4/0x664
|  kernel_init_freeable+0x3c8/0x894
|  kernel_init+0x24/0x1e8
|  ret_from_fork+0x10/0x20
|
| Allocated by task 1:
|  kasan_save_stack+0x2c/0x54
|  kasan_set_track+0x2c/0x40
|  kasan_save_alloc_info+0x24/0x34
|  __kasan_kmalloc+0xa0/0xb8
|  __kmalloc_node_track_caller+0x6c/0x104
|  kstrdup+0x48/0x84
|  kstrdup_const+0x34/0x40
|  __scmi_device_create.part.0+0x8c/0x408
|  scmi_device_create+0x104/0x370
|  scmi_chan_setup+0x2a0/0x750
|  scmi_probe+0x7fc/0x1508
|  platform_probe+0xc4/0x19c
|  really_probe+0x32c/0x99c
|  __driver_probe_device+0x15c/0x3c4
|  driver_probe_device+0x5c/0x170
|  __driver_attach+0x1c8/0x440
|  bus_for_each_dev+0xf4/0x178
|  driver_attach+0x3c/0x58
|  bus_add_driver+0x234/0x4d4
|  driver_register+0xf4/0x3c0
|  __platform_driver_register+0x60/0x88
|  scmi_driver_init+0xb0/0x104
|  do_one_initcall+0xb4/0x664
|  kernel_init_freeable+0x3c8/0x894
|  kernel_init+0x24/0x1e8
|  ret_from_fork+0x10/0x20
|
| Freed by task 1:
|  kasan_save_stack+0x2c/0x54
|  kasan_set_track+0x2c/0x40
|  kasan_save_free_info+0x38/0x5c
|  ____kasan_slab_free+0xe8/0x164
|  __kmem_cache_free+0x11c/0x230
|  kfree+0x70/0x130
|  kfree_const+0x20/0x40
|  __scmi_device_destroy+0x70/0x280
|  scmi_device_destroy+0x94/0xd0
|  scmi_chan_setup+0x524/0x750
|  scmi_probe+0x7fc/0x1508
|  platform_probe+0xc4/0x19c
|  really_probe+0x32c/0x99c
|  __driver_probe_device+0x15c/0x3c4
|  driver_probe_device+0x5c/0x170
|  __driver_attach+0x1c8/0x440
|  bus_for_each_dev+0xf4/0x178
|  driver_attach+0x3c/0x58
|  bus_add_driver+0x234/0x4d4
|  driver_register+0xf4/0x3c0
|  __platform_driver_register+0x60/0x88
|  scmi_driver_init+0xb0/0x104
|  do_one_initcall+0xb4/0x664
|  kernel_init_freeable+0x3c8/0x894
|  kernel_init+0x24/0x1e8
|  ret_from_fork+0x10/0x20
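
A user-space C model of the ordering described in the commit message, added here as an illustration and not taken from the kernel patch. The `model_*` names, the `name_live` flag and the sample name are assumptions; the flag stands in for the freed-memory read so the program itself stays memory-safe.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model only: model_* names are hypothetical, not kernel code. */
struct model_dev {
    char *name;
    bool name_live;   /* lifetime flag, so the model never reads freed memory */
    int stale_reads;  /* notifier accesses made after the name was freed */
};

static void model_free_name(struct model_dev *d)
{
    free(d->name);
    d->name = NULL;
    d->name_live = false;
}

/* Stand-in for scmi_bus_notifier(): compares the device name on removal. */
static void model_notifier(struct model_dev *d, const char *wanted)
{
    if (!d->name_live) {  /* in the kernel: strncmp() on freed slab memory */
        d->stale_reads++;
        return;
    }
    (void)strncmp(d->name, wanted, strlen(wanted));
}

/* Returns the number of stale reads seen while tearing down one device. */
int model_destroy(bool fixed)
{
    struct model_dev d = { .name = malloc(8), .name_live = true };
    if (!d.name) return -1;
    strcpy(d.name, "example");       /* constructed sample name */
    if (!fixed)
        model_free_name(&d);         /* pre-fix: freed in the destroy path */
    model_notifier(&d, "example");   /* unregister runs the bus notifier */
    if (fixed)
        model_free_name(&d);         /* post-fix: freed in the release callback */
    return d.stale_reads;
}

int main(void)
{
    printf("pre-fix stale reads:  %d\n", model_destroy(false));
    printf("post-fix stale reads: %d\n", model_destroy(true));
    return 0;
}
```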
