CVE-2024-53191

一、漏洞信息
漏洞编号：CVE-2024-53191
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.1.8,6.4.0,6.6.0
CVSS V3.0分值：
BaseScore：7.8 High
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞简述：
In the Linux kernel, the following vulnerability has been resolved:wifi: ath12k: fix warning when unbindingIf there is an error during some initialization related to firmware,the buffers dp->tx_ring[i].tx_status are released.However this is released again when the device is unbinded (ath12k_pci),and we get:WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80Call Trace:free_large_kmallocath12k_dp_freeath12k_core_deinitath12k_pci_remove...The issue is always reproducible from a VM because the MSI addressinginitialization is failing.In order to fix the issue, just set the buffers to NULL after releasing inorder to avoid the double free.
漏洞公开时间：2024-12-27 22:15:26
漏洞创建时间：2024-12-27 22:47:04
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2024-53191

更多参考(点击展开)

参考来源	参考链接	来源链接
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/223b546c6222d42147eff034433002ca5e2e7e09
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/90556b96338aa6037cd26dac857327fda7c19732
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/94c9100b600f05a36b33f9ed76dbd6fb0eb25386
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ca68ce0d9f4bcd032fd1334441175ae399642a06
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-53191	https://bugzilla.suse.com/show_bug.cgi?id=1234952
suse_bugzilla	https://www.cve.org/CVERecord?id=CVE-2024-53191	https://bugzilla.suse.com/show_bug.cgi?id=1234952
suse_bugzilla	https://git.kernel.org/stable/c/223b546c6222d42147eff034433002ca5e2e7e09	https://bugzilla.suse.com/show_bug.cgi?id=1234952
suse_bugzilla	https://git.kernel.org/stable/c/90556b96338aa6037cd26dac857327fda7c19732	https://bugzilla.suse.com/show_bug.cgi?id=1234952
suse_bugzilla	https://git.kernel.org/stable/c/94c9100b600f05a36b33f9ed76dbd6fb0eb25386	https://bugzilla.suse.com/show_bug.cgi?id=1234952
suse_bugzilla	https://git.kernel.org/stable/c/ca68ce0d9f4bcd032fd1334441175ae399642a06	https://bugzilla.suse.com/show_bug.cgi?id=1234952
suse_bugzilla	https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-53191.mbox	https://bugzilla.suse.com/show_bug.cgi?id=1234952
suse_bugzilla	https://bugzilla.redhat.com/show_bug.cgi?id=2334362	https://bugzilla.suse.com/show_bug.cgi?id=1234952
redhat_bugzilla	https://lore.kernel.org/linux-cve-announce/2024122723-CVE-2024-53191-df03@gregkh/T	https://bugzilla.redhat.com/show_bug.cgi?id=2334362
debian		https://security-tracker.debian.org/tracker/CVE-2024-53191

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
linux_kernel	6.6.64	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=223b546c6222d42147eff034433002ca5e2e7e09Issue	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d889913205cf7ebda905b1e62c5867ed4e39f6c2	linuxkernelcves
linux_kernel	6.11.11	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=90556b96338aa6037cd26dac857327fda7c19732Issue	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d889913205cf7ebda905b1e62c5867ed4e39f6c2	linuxkernelcves
linux_kernel	6.12.2	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=94c9100b600f05a36b33f9ed76dbd6fb0eb25386Issue	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d889913205cf7ebda905b1e62c5867ed4e39f6c2	linuxkernelcves
linux_kernel	6.13-rc1	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ca68ce0d9f4bcd032fd1334441175ae399642a06Please	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d889913205cf7ebda905b1e62c5867ed4e39f6c2	linuxkernelcves

二、漏洞分析结构反馈
影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:wifi: ath12k: fix warning when unbindingIf there is an error during some initialization related to firmware,the buffers dp->tx_ring[i].tx_status are released.However this is released again when the device is unbinded (ath12k_pci),and we get:WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80Call Trace:free_large_kmallocath12k_dp_freeath12k_core_deinitath12k_pci_remove...The issue is always reproducible from a VM because the MSI addressinginitialization is failing.In order to fix the issue, just set the buffers to NULL after releasing inorder to avoid the double free.
openEuler评分：
7.8
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-24.03-LTS(6.6.0):受影响
2.openEuler-24.03-LTS-SP1(6.6.0):受影响
3.openEuler-20.03-LTS-SP4(4.19.90):不受影响
4.openEuler-22.03-LTS-SP3(5.10.0):不受影响
5.openEuler-22.03-LTS-SP4(5.10.0):不受影响
6.master(6.6.0):不受影响
7.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP3(5.10.0):否
3.master(6.6.0):否
4.openEuler-24.03-LTS(6.6.0):否
5.openEuler-24.03-LTS-Next(6.6.0):否
6.openEuler-22.03-LTS-SP4(5.10.0):否
7.openEuler-24.03-LTS-SP1(6.6.0):否

原因说明：
1.openEuler-24.03-LTS(6.6.0):正常修复
2.openEuler-24.03-LTS-SP1(6.6.0):正常修复
3.master(6.6.0):不受影响-漏洞代码不能被攻击者触发
4.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发
5.openEuler-20.03-LTS-SP4(4.19.90):不受影响-漏洞代码不存在
6.openEuler-22.03-LTS-SP3(5.10.0):不受影响-漏洞代码不存在
7.openEuler-22.03-LTS-SP4(5.10.0):不受影响-漏洞代码不存在

src-openEuler/kernel

内容风险标识

评论 (10)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-53191

评论 (10)

搜索帮助

src-openEuler/kernel