CVE-2024-47730

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's HiSilicon QM crypto accelerator driver could allow attackers to cause memory corruption or potentially execute arbitrary code. This affects systems using HiSilicon hardware acceleration with vulnerable kernel versions. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Linux kernel with HiSilicon QM crypto accelerator driver
Versions: Kernel versions containing the vulnerable code before the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with HiSilicon hardware acceleration enabled. The vulnerability is in the driver code, not the hardware itself.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to kernel-level execution, potentially leading to full system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Kernel panic leading to denial of service (system crash) or memory corruption causing system instability.

🟢 If Mitigated

Limited to denial of service if proper kernel hardening and access controls prevent privilege escalation.

🌐 Internet-Facing: LOW - Requires local access to the system, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local attackers or malicious insiders could exploit this for privilege escalation or denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of memory layout. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 801d64177faaec184cee1e1aa4d8487df1364a54, 85e81103033324d7a271dafb584991da39554a89, 98d3be34c9153eceadb56de50d9f9347e88d86e4, aa3e0db35a60002fb34ef0e4ad203aa59fd00203, b04f06fc0243600665b3b50253869533b7938468

Vendor Advisory: https://git.kernel.org/stable/c/801d64177faaec184cee1e1aa4d8487df1364a54

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution.
2. Reboot the system to load the new kernel.
3. Verify the fix is applied by checking kernel version or commit hash.

🔧 Temporary Workarounds

Disable HiSilicon QM accelerator

Temporarily disable the vulnerable driver module if not required

sudo modprobe -r hisi_qm
echo 'blacklist hisi_qm' | sudo tee /etc/modprobe.d/blacklist-hisi_qm.conf

🧯 If You Can't Patch

  • Restrict local access to systems using strict user permissions and access controls
  • Implement kernel hardening measures like SELinux/AppArmor to limit impact of potential exploitation

🔍 How to Verify

Check if Vulnerable:

Check if the hisi_qm module is loaded: lsmod | grep hisi_qm. If loaded and kernel version is unpatched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from your distribution, or verify the fix commit is present in kernel source.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to hisi_qm driver
  • System crashes or unexpected reboots
  • dmesg errors mentioning memory corruption or use-after-free

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Search for kernel panic events or module loading errors related to hisi_qm in system logs
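
One way to run the log and module checks described above from a shell, as an added example that is not part of the original advisory. The function names, the 40-line scan window and the sample log lines are assumptions made for illustration; the header strings are the usual kernel fault-report markers.

```shell
#!/bin/sh
# Added example (not from the advisory). Sample log lines below are constructed.

HDR='BUG: KASAN: (slab-)?use-after-free|Unable to handle kernel|Oops: |general protection fault|Kernel panic'

# Print how many kernel fault reports in FILE ($1) mention hisi_qm in their body.
# $2 is the number of lines scanned after a report header (assumed default: 40).
count_hisi_qm_reports() {
    awk -v hdr="$HDR" -v window="${2:-40}" '
    {
        if ($0 ~ hdr) { if (left <= 0) hit = 0; left = window }  # report starts
        else if (left > 0) left--
        else next                                                # outside any report
        if ($0 ~ /end trace/) { left = 0; next }                 # report ends
        # "Modules linked in:" names every loaded module, so it is not evidence.
        if ($0 ~ /Modules linked in:/) next
        if (!hit && $0 ~ /hisi_qm/) { hit = 1; n++ }
    }
    END { print n + 0 }' "$1"
}

# Succeed if hisi_qm is listed in a /proc/modules-format file (exact name match).
hisi_qm_loaded() {
    awk '$1 == "hisi_qm" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# Constructed sample: one unrelated oops, then one KASAN report through hisi_qm.
sample_log() {
    cat <<'EOF'
[  900.000001] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[  900.000002] Modules linked in: hisi_qm uacce other_mod
[  900.000003] Call trace:
[  900.000004]  other_fn+0x10/0x20 [other_mod]
[  900.000005] ---[ end trace 0000000000000000 ]---
[ 1201.000001] BUG: KASAN: slab-use-after-free in example_fn+0x1c/0x40 [hisi_qm]
[ 1201.000002] Call trace:
[ 1201.000003]  example_fn+0x1c/0x40 [hisi_qm]
EOF
}

tmp=$(mktemp) && sample_log > "$tmp"
echo "hisi_qm-related fault reports: $(count_hisi_qm_reports "$tmp")"
hisi_qm_loaded 2>/dev/null && echo "hisi_qm is loaded" || echo "hisi_qm is not loaded"
rm -f "$tmp"
```

On a live host, feed it a saved kernel log, for example the output of `dmesg` or `journalctl -k` written to a file.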
