SB20240531106 - Use-after-free in Linux kernel qat qat_common driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2024-26974)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7
• https://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81
• https://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71
• https://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f
• https://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7
• https://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc
• https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be
• https://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828
• https://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3