CVE-2024-35792 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize call as the latter can free the request.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/48dd260fdb728eda4a246f635d1325e82f0d3555
https://git.kernel.org/stable/c/c0afb6b88fbbc177fa322a835f874be217bffe45
https://git.kernel.org/stable/c/eb2a41a8ae8c8c4f68aef3bd94665c0cf23e04be
https://lore.kernel.org/linux-cve-announce/2024051708-CVE-2024-35792-d944@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35792
https://www.cve.org/CVERecord?id=CVE-2024-35792

History

Mon, 11 May 2026 20:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T12:24:53.112Z

Updated: 2026-05-11T20:11:07.861Z

Reserved: 2024-05-17T12:19:12.339Z

Link: CVE-2024-35792

Vulnrichment

Updated: 2024-08-02T03:21:47.351Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T13:15:58.950

Modified: 2024-11-21T09:20:54.380

Link: CVE-2024-35792

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-35792 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-35792", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T12:19:12.339Z", "datePublished": "2024-05-17T12:24:53.112Z", "dateUpdated": "2026-05-11T20:11:07.861Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:11:07.861Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: rk3288 - Fix use after free in unprepare\n\nThe unprepare call must be carried out before the finalize call\nas the latter can free the request."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/rockchip/rk3288_crypto_ahash.c"], "versions": [{"version": "c66c17a0f69b0e017bbc01d999a28ed96ee84826", "lessThan": "48dd260fdb728eda4a246f635d1325e82f0d3555", "status": "affected", "versionType": "git"}, {"version": "c66c17a0f69b0e017bbc01d999a28ed96ee84826", "lessThan": "eb2a41a8ae8c8c4f68aef3bd94665c0cf23e04be", "status": "affected", "versionType": "git"}, {"version": "c66c17a0f69b0e017bbc01d999a28ed96ee84826", "lessThan": "c0afb6b88fbbc177fa322a835f874be217bffe45", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/rockchip/rk3288_crypto_ahash.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.6.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.7.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/48dd260fdb728eda4a246f635d1325e82f0d3555"}, {"url": "https://git.kernel.org/stable/c/eb2a41a8ae8c8c4f68aef3bd94665c0cf23e04be"}, {"url": "https://git.kernel.org/stable/c/c0afb6b88fbbc177fa322a835f874be217bffe45"}], "title": "crypto: rk3288 - Fix use after free in unprepare", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35792", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T15:22:56.349397Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:41.714Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.351Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/48dd260fdb728eda4a246f635d1325e82f0d3555", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eb2a41a8ae8c8c4f68aef3bd94665c0cf23e04be", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c0afb6b88fbbc177fa322a835f874be217bffe45", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/48dd260fdb728eda4a246f635d1325e82f0d3555", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eb2a41a8ae8c8c4f68aef3bd94665c0cf23e04be", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c0afb6b88fbbc177fa322a835f874be217bffe45", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.351Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35792", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T15:22:56.349397Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T15:23:01.975Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "crypto: rk3288 - Fix use after free in unprepare", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "c66c17a0f69b", "lessThan": "48dd260fdb72", "versionType": "git"}, {"status": "affected", "version": "c66c17a0f69b", "lessThan": "eb2a41a8ae8c", "versionType": "git"}, {"status": "affected", "version": "c66c17a0f69b", "lessThan": "c0afb6b88fbb", "versionType": "git"}], "programFiles": ["drivers/crypto/rockchip/rk3288_crypto_ahash.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6"}, {"status": "unaffected", "version": "0", "lessThan": "6.6", "versionType": "custom"}, {"status": "unaffected", "version": "6.6.24", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/crypto/rockchip/rk3288_crypto_ahash.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/48dd260fdb728eda4a246f635d1325e82f0d3555"}, {"url": "https://git.kernel.org/stable/c/eb2a41a8ae8c8c4f68aef3bd94665c0cf23e04be"}, {"url": "https://git.kernel.org/stable/c/c0afb6b88fbbc177fa322a835f874be217bffe45"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: rk3288 - Fix use after free in unprepare\n\nThe unprepare call must be carried out before the finalize call\nas the latter can free the request."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:29:03.145Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35792", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:21:47.351Z", "dateReserved": "2024-05-17T12:19:12.339Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T12:24:53.112Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: crypto: rk3288 - Fix use after free in unprepare", "id": "2281050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281050"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncrypto: rk3288 - Fix use after free in unprepare\nThe unprepare call must be carried out before the finalize call\nas the latter can free the request.", "A vulnerability was found in the Linux kernel's rockchip rk3288_crypto_ahash.c driver in the rk_hash_run() function, where a use-after-free scenario can occur. This flaw is caused by improper function call ordering, where\u00a0 rk_hash_unprepare() is called after crypto_finalize_hash_request(). This may free some of the memory used by rk_hash_unprepare() and lead to a use-after-free, possibly leading to memory corruption or system instability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35792", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35792\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35792\nhttps://lore.kernel.org/linux-cve-announce/2024051708-CVE-2024-35792-d944@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as the vulnerability in question does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate"}