5.5
MEDIUM
CVE-2024-56747
CiscoNetworkDevices DMA Memory Leak Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Hook "qedi_ops->common->sb_init = qed_sb_init" does not release the DMA memory sb_virt when it fails. Add dma_free_coherent() to free it. This is the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb().

INFO

Published Date :

Dec. 29, 2024, 12:15 p.m.

Last Modified :

April 17, 2025, 8:15 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Public PoC/Exploit Available at Github

CVE-2024-56747 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-56747 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-56747.

URL Resource
https://git.kernel.org/stable/c/10a6fc486ac40a410f0fb84cc15161238eccd20a Patch
https://git.kernel.org/stable/c/20b775cf274cfbfa3da871a1108877e17b8b19e1 Patch
https://git.kernel.org/stable/c/4e48e5b26b3edc0e1dd329201ffc924a7a1f9337 Patch
https://git.kernel.org/stable/c/95bbdca4999bc59a72ebab01663d421d6ce5775d Patch
https://git.kernel.org/stable/c/a4d2011cbe039b25024831427b60ab91ee247066 Patch
https://git.kernel.org/stable/c/b778b5240485106abf665eb509cc01779ed0cb00 Patch
https://git.kernel.org/stable/c/bb8b45883eb072adba297922b67d1467082ac880 Patch
https://git.kernel.org/stable/c/cfc76acaf2c4b43d1e140f1e4cbde15adb540bc5 Patch
https://git.kernel.org/stable/c/eaf92fad1f21be63427920c12f22227e5f757424 Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
cku-heise/euvd-api-doc

None

Updated: 2 days ago
4 stars 1 fork 1 watcher
Born at : April 16, 2025, 1:43 p.m. This repo has been linked 280 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-56747 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-56747 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Apr. 17, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    Added CWE CWE-401
  • Initial Analysis by [email protected]

    Jan. 07, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NIST CWE-401
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.19.325 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.287 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.231 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.174 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.120 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.64 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.11.11 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.12 up to (excluding) 6.12.2
    Changed Reference Type https://git.kernel.org/stable/c/10a6fc486ac40a410f0fb84cc15161238eccd20a No Types Assigned https://git.kernel.org/stable/c/10a6fc486ac40a410f0fb84cc15161238eccd20a Patch
    Changed Reference Type https://git.kernel.org/stable/c/20b775cf274cfbfa3da871a1108877e17b8b19e1 No Types Assigned https://git.kernel.org/stable/c/20b775cf274cfbfa3da871a1108877e17b8b19e1 Patch
    Changed Reference Type https://git.kernel.org/stable/c/4e48e5b26b3edc0e1dd329201ffc924a7a1f9337 No Types Assigned https://git.kernel.org/stable/c/4e48e5b26b3edc0e1dd329201ffc924a7a1f9337 Patch
    Changed Reference Type https://git.kernel.org/stable/c/95bbdca4999bc59a72ebab01663d421d6ce5775d No Types Assigned https://git.kernel.org/stable/c/95bbdca4999bc59a72ebab01663d421d6ce5775d Patch
    Changed Reference Type https://git.kernel.org/stable/c/a4d2011cbe039b25024831427b60ab91ee247066 No Types Assigned https://git.kernel.org/stable/c/a4d2011cbe039b25024831427b60ab91ee247066 Patch
    Changed Reference Type https://git.kernel.org/stable/c/b778b5240485106abf665eb509cc01779ed0cb00 No Types Assigned https://git.kernel.org/stable/c/b778b5240485106abf665eb509cc01779ed0cb00 Patch
    Changed Reference Type https://git.kernel.org/stable/c/bb8b45883eb072adba297922b67d1467082ac880 No Types Assigned https://git.kernel.org/stable/c/bb8b45883eb072adba297922b67d1467082ac880 Patch
    Changed Reference Type https://git.kernel.org/stable/c/cfc76acaf2c4b43d1e140f1e4cbde15adb540bc5 No Types Assigned https://git.kernel.org/stable/c/cfc76acaf2c4b43d1e140f1e4cbde15adb540bc5 Patch
    Changed Reference Type https://git.kernel.org/stable/c/eaf92fad1f21be63427920c12f22227e5f757424 No Types Assigned https://git.kernel.org/stable/c/eaf92fad1f21be63427920c12f22227e5f757424 Patch
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 29, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Hook "qedi_ops->common->sb_init = qed_sb_init" does not release the DMA memory sb_virt when it fails. Add dma_free_coherent() to free it. This is the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb().
    Added Reference https://git.kernel.org/stable/c/10a6fc486ac40a410f0fb84cc15161238eccd20a
    Added Reference https://git.kernel.org/stable/c/20b775cf274cfbfa3da871a1108877e17b8b19e1
    Added Reference https://git.kernel.org/stable/c/4e48e5b26b3edc0e1dd329201ffc924a7a1f9337
    Added Reference https://git.kernel.org/stable/c/95bbdca4999bc59a72ebab01663d421d6ce5775d
    Added Reference https://git.kernel.org/stable/c/a4d2011cbe039b25024831427b60ab91ee247066
    Added Reference https://git.kernel.org/stable/c/b778b5240485106abf665eb509cc01779ed0cb00
    Added Reference https://git.kernel.org/stable/c/bb8b45883eb072adba297922b67d1467082ac880
    Added Reference https://git.kernel.org/stable/c/cfc76acaf2c4b43d1e140f1e4cbde15adb540bc5
    Added Reference https://git.kernel.org/stable/c/eaf92fad1f21be63427920c12f22227e5f757424
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-56747 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-56747 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: Apr. 26, 2025 5:27