CVE-2024-26974 — Time-of-check Time-of-use (TOCTOU) Race Condition in Linux
CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-416 — Use After Free
51 documents, 8 sources
Severity
NVD: 7.0 HIGH
OSV: 7.8
OSV: 5.5
EPSS
0.0%
top 89.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 1
Latest update: May 13
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - resolve race condition during AER recovery
During the PCI AER system's error recovery process, the kernel driver
may encounter a race condition with freeing the reset_data structure's
memory. If the device restart will take more than 10 seconds the function
scheduling that restart will exit due to a timeout, and the reset_data
structure will be freed. However, this data structure is used for
completion notificati…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9
Affected Packages (9 packages)
CVEListV5: linux/linux, d8cba25d2c68992a6e7c1d329b690a9ebe01167d — daba62d9eeddcc5b1081be7d348ca836c83c59d7 (+9)
Also affects: Debian Linux 10.0