Huawei EulerOS: CVE-2024-42285: kernel security update

Huawei EulerOS: CVE-2024-42285: kernel security update

Severity

7

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

08/17/2024

Created

01/23/2025

Added

01/21/2025

Modified

01/28/2025

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct rdma_id_private after all pending work has finished.

Solution(s)

• huawei-euleros-2_0_sp8-upgrade-bpftool
• huawei-euleros-2_0_sp8-upgrade-kernel
• huawei-euleros-2_0_sp8-upgrade-kernel-devel
• huawei-euleros-2_0_sp8-upgrade-kernel-headers
• huawei-euleros-2_0_sp8-upgrade-kernel-tools
• huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs
• huawei-euleros-2_0_sp8-upgrade-perf
• huawei-euleros-2_0_sp8-upgrade-python-perf
• huawei-euleros-2_0_sp8-upgrade-python3-perf

References

• https://attackerkb.com/topics/cve-2024-42285
• CVE - 2024-42285
• EulerOS-SA-2025-1123