{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-56714", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-27T15:00:39.857Z", "datePublished": "2024-12-29T08:48:47.681Z", "dateUpdated": "2025-05-04T10:03:09.612Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T10:03:09.612Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: no double destroy workqueue\n\nThere are some FW error handling paths that can cause us to\ntry to destroy the workqueue more than once, so let's be sure\nwe're checking for that.\n\nThe case where this popped up was in an AER event where the\nhandlers got called in such a way that ionic_reset_prepare()\nand thus ionic_dev_teardown() got called twice in a row.\nThe second time through the workqueue was already destroyed,\nand destroy_workqueue() choked on the bad wq pointer.\n\nWe didn't hit this in AER handler testing before because at\nthat time we weren't using a private workqueue. Later we\nreplaced the use of the system workqueue with our own private\nworkqueue but hadn't rerun the AER handler testing since then."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/pensando/ionic/ionic_dev.c"], "versions": [{"version": "9e25450da7006cd6f425248a5b38dad4adb3c981", "lessThan": "13355dd37e22edbcb99c599f783233188740a650", "status": "affected", "versionType": "git"}, {"version": "9e25450da7006cd6f425248a5b38dad4adb3c981", "lessThan": "746e6ae2e202b062b9deee7bd86d94937997ecd7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/pensando/ionic/ionic_dev.c"], "versions": [{"version": "6.11", "status": "affected"}, {"version": "0", "lessThan": "6.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.7", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.12.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11", "versionEndExcluding": "6.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/13355dd37e22edbcb99c599f783233188740a650"}, {"url": "https://git.kernel.org/stable/c/746e6ae2e202b062b9deee7bd86d94937997ecd7"}], "title": "ionic: no double destroy workqueue", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6ACCAC21-7ECC-4FBC-A3F6-FD71065601D7", "versionEndExcluding": "6.12.7", "versionStartIncluding": "6.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: no double destroy workqueue\n\nThere are some FW error handling paths that can cause us to\ntry to destroy the workqueue more than once, so let's be sure\nwe're checking for that.\n\nThe case where this popped up was in an AER event where the\nhandlers got called in such a way that ionic_reset_prepare()\nand thus ionic_dev_teardown() got called twice in a row.\nThe second time through the workqueue was already destroyed,\nand destroy_workqueue() choked on the bad wq pointer.\n\nWe didn't hit this in AER handler testing before because at\nthat time we weren't using a private workqueue. Later we\nreplaced the use of the system workqueue with our own private\nworkqueue but hadn't rerun the AER handler testing since then."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ionic: no double destroy workqueue Hay algunas rutas de gesti\u00f3n de errores de FW que pueden hacer que intentemos destruir la cola de trabajo m\u00e1s de una vez, as\u00ed que asegur\u00e9monos de que estamos comprobando eso. El caso en el que esto apareci\u00f3 fue en un evento AER donde los controladores fueron llamados de tal manera que ionic_reset_prepare() y, por lo tanto, ionic_dev_teardown() fueron llamados dos veces seguidas. La segunda vez, la cola de trabajo ya estaba destruida y destroy_workqueue() se ahog\u00f3 en el puntero wq defectuoso. No nos topamos con esto en las pruebas del controlador AER antes porque en ese momento no est\u00e1bamos usando una cola de trabajo privada. M\u00e1s tarde reemplazamos el uso de la cola de trabajo del sistema con nuestra propia cola de trabajo privada, pero no hab\u00edamos vuelto a ejecutar la prueba del controlador AER desde entonces."}], "id": "CVE-2024-56714", "lastModified": "2025-10-15T17:42:17.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-29T09:15:06.510", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/13355dd37e22edbcb99c599f783233188740a650"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/746e6ae2e202b062b9deee7bd86d94937997ecd7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ionic: no double destroy workqueue", "id": "2334796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334796"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nionic: no double destroy workqueue\nThere are some FW error handling paths that can cause us to\ntry to destroy the workqueue more than once, so let's be sure\nwe're checking for that.\nThe case where this popped up was in an AER event where the\nhandlers got called in such a way that ionic_reset_prepare()\nand thus ionic_dev_teardown() got called twice in a row.\nThe second time through the workqueue was already destroyed,\nand destroy_workqueue() choked on the bad wq pointer.\nWe didn't hit this in AER handler testing before because at\nthat time we weren't using a private workqueue. Later we\nreplaced the use of the system workqueue with our own private\nworkqueue but hadn't rerun the AER handler testing since then."], "name": "CVE-2024-56714", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-56714\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-56714\nhttps://lore.kernel.org/linux-cve-announce/2024122914-CVE-2024-56714-0de2@gregkh/T"], "threat_severity": "Low"}

{"created": "2025-07-13T11:14:03.925233+00:00", "updated": "2025-07-13T11:14:03.925314+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}