In the Linux kernel, the following vulnerability has been resolved:
uacce: ensure safe queue release with state management
Directly calling `put_queue` carries risks since it cannot
guarantee that resources of `uacce_queue` have been fully released
beforehand. So adding a `stop_queue` operation for the
UACCE_CMD_PUT_Q command and leaving the `put_queue` operation to
the final resource release ensures safety. Queue states are defined as follows:
- UACCE_Q_ZOMBIE: Initial state
- UACCE_Q_INIT: After opening `uacce`
- UACCE_Q_STARTED: After `start` is issued via `ioctl`
When executing `poweroff -f` in virt while accelerator are still
working, `uacce_fops_release` and `uacce_remove` may execute
concurrently.
This can cause `uacce_put_queue` within
`uacce_fops_release` to access a NULL `ops` pointer. Therefore, add
state checks to prevent accessing freed pointers.
Attack Parameters
Impact Assessment
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 12
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
5.7
|
5.10.249
|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
5.11
|
5.15.199
|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
5.16
|
6.1.162
|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
6.2
|
6.6.122
|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
6.7
|
6.12.68
|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
6.13
|
6.18.8
|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
|
— | — |
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
|
— | — |
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
|
— | — |
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
|
— | — |
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
|
— | — |
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
|
— | — |