๐Ÿ” CVE Alert

CVE-2024-47748

UNKNOWN 0.0

vhost_vdpa: assign irq bypass producer token correctly

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: vhost_vdpa: assign irq bypass producer token correctly We used to call irq_bypass_unregister_producer() in vhost_vdpa_setup_vq_irq() which is problematic as we don't know if the token pointer is still valid or not. Actually, we use the eventfd_ctx as the token so the life cycle of the token should be bound to the VHOST_SET_VRING_CALL instead of vhost_vdpa_setup_vq_irq() which could be called by set_status(). Fixing this by setting up irq bypass producer's token when handling VHOST_SET_VRING_CALL and un-registering the producer before calling vhost_vring_ioctl() to prevent a possible use after free as eventfd could have been released in vhost_vring_ioctl(). And such registering and unregistering will only be done if DRIVER_OK is set.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Oct 21, 2024
Last Updated May 11, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Linux / Linux
2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 < 0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 < 927a2580208e0f9b0b47b08f1c802b7233a7ba3c 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 < ec5f1b54ceb23475049ada6e7a43452cf4df88d1 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 < ca64edd7ae93402af2596a952e0d94d545e2b9c0 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 < fae9b1776f53aab93ab345bdbf653b991aed717d 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 < 7cf2fb51175cafe01df8c43fa15a06194a59c6e2 2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 < 02e9e9366fefe461719da5d173385b6685f70319
Linux / Linux
5.9

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/0c170b1e918b9afac25e2bbd01eaa2bfc0ece8c0 git.kernel.org: https://git.kernel.org/stable/c/927a2580208e0f9b0b47b08f1c802b7233a7ba3c git.kernel.org: https://git.kernel.org/stable/c/ec5f1b54ceb23475049ada6e7a43452cf4df88d1 git.kernel.org: https://git.kernel.org/stable/c/ca64edd7ae93402af2596a952e0d94d545e2b9c0 git.kernel.org: https://git.kernel.org/stable/c/fae9b1776f53aab93ab345bdbf653b991aed717d git.kernel.org: https://git.kernel.org/stable/c/7cf2fb51175cafe01df8c43fa15a06194a59c6e2 git.kernel.org: https://git.kernel.org/stable/c/02e9e9366fefe461719da5d173385b6685f70319 lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html