{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-49981","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-10-21T12:17:06.052Z","datePublished":"2024-10-21T18:02:27.142Z","dateUpdated":"2025-11-03T22:24:00.609Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:42:57.046Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free bug in venus_remove due to race condition\n\nin venus_probe, core->work is bound with venus_sys_error_handler, which is\nused to handle error. The code use core->sys_err_done to make sync work.\nThe core->work is started in venus_event_notify.\n\nIf we call venus_remove, there might be an unfished work. The possible\nsequence is as follows:\n\nCPU0                  CPU1\n\n                     |venus_sys_error_handler\nvenus_remove         |\nhfi_destroy\t \t\t |\nvenus_hfi_destroy\t |\nkfree(hdev);\t     |\n                     |hfi_reinit\n\t\t\t\t\t |venus_hfi_queues_reinit\n                     |//use hdev\n\nFix it by canceling the work in venus_remove."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/platform/qcom/venus/core.c"],"versions":[{"version":"af2c3834c8ca7cc65d15592ac671933df8848115","lessThan":"5098b9e6377577fe13d03e1d8914930f014a3314","status":"affected","versionType":"git"},{"version":"af2c3834c8ca7cc65d15592ac671933df8848115","lessThan":"63bbe26471ebdcc3c20bb4cc3950d666279ad658","status":"affected","versionType":"git"},{"version":"af2c3834c8ca7cc65d15592ac671933df8848115","lessThan":"60b6968341a6dd5353554f3e72db554693a128a5","status":"affected","versionType":"git"},{"version":"af2c3834c8ca7cc65d15592ac671933df8848115","lessThan":"bf6be32e2d39f6301ff1831e249d32a8744ab28a","status":"affected","versionType":"git"},{"version":"af2c3834c8ca7cc65d15592ac671933df8848115","lessThan":"2a541fcc0bd2b05a458e9613376df1289ec11621","status":"affected","versionType":"git"},{"version":"af2c3834c8ca7cc65d15592ac671933df8848115","lessThan":"b0686aedc5f1343442d044bd64eeac7e7a391f4e","status":"affected","versionType":"git"},{"version":"af2c3834c8ca7cc65d15592ac671933df8848115","lessThan":"d925e9f7fb5a2dbefd1a73fc01061f38c7becd4c","status":"affected","versionType":"git"},{"version":"af2c3834c8ca7cc65d15592ac671933df8848115","lessThan":"10941d4f99a5a34999121b314afcd9c0a1c14f15","status":"affected","versionType":"git"},{"version":"af2c3834c8ca7cc65d15592ac671933df8848115","lessThan":"c5a85ed88e043474161bbfe54002c89c1cb50ee2","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/platform/qcom/venus/core.c"],"versions":[{"version":"4.13","status":"affected"},{"version":"0","lessThan":"4.13","status":"unaffected","versionType":"semver"},{"version":"4.19.323","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.285","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.227","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.168","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.113","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.55","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.14","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11.3","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"4.19.323"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.4.285"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.10.227"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.15.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.1.113"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.6.55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.10.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.11.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5098b9e6377577fe13d03e1d8914930f014a3314"},{"url":"https://git.kernel.org/stable/c/63bbe26471ebdcc3c20bb4cc3950d666279ad658"},{"url":"https://git.kernel.org/stable/c/60b6968341a6dd5353554f3e72db554693a128a5"},{"url":"https://git.kernel.org/stable/c/bf6be32e2d39f6301ff1831e249d32a8744ab28a"},{"url":"https://git.kernel.org/stable/c/2a541fcc0bd2b05a458e9613376df1289ec11621"},{"url":"https://git.kernel.org/stable/c/b0686aedc5f1343442d044bd64eeac7e7a391f4e"},{"url":"https://git.kernel.org/stable/c/d925e9f7fb5a2dbefd1a73fc01061f38c7becd4c"},{"url":"https://git.kernel.org/stable/c/10941d4f99a5a34999121b314afcd9c0a1c14f15"},{"url":"https://git.kernel.org/stable/c/c5a85ed88e043474161bbfe54002c89c1cb50ee2"}],"title":"media: venus: fix use after free bug in venus_remove due to race condition","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-49981","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-10-22T13:32:30.301335Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T13:38:44.376Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:24:00.609Z"}}]}}