In the Linux kernel, the following vulnerability has been resolved:
habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory
Our code analyzer reported a uaf.
In gaudi_memset_device_memory, cb is get via hl_cb_kernel_create()
with 2 refcount.
If hl_cs_allocate_job() failed, the execution runs into release_cb
branch. One ref of cb is dropped by hl_cb_put(cb) and could be freed
if other thread also drops one ref. Then cb is used by cb->id later,
which is a potential uaf.
My patch add a variable 'id' to accept the value of cb->id before the
hl_cb_put(cb) is called, to avoid the potential uaf.
Metrics
Affected Vendors & Products
References
History
Mon, 09 Dec 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* |
|
Vendors & Products |
Linux
Linux linux Kernel |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Mon, 04 Nov 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: Linux
Published: 2024-03-01T21:15:16.684Z
Updated: 2025-05-04T07:03:46.750Z
Reserved: 2024-02-29T22:33:44.298Z
Link: CVE-2021-47081

Updated: 2024-08-04T05:24:39.774Z

Status : Analyzed
Published: 2024-03-01T22:15:47.483
Modified: 2024-12-09T18:45:24.617
Link: CVE-2021-47081
