In the Linux kernel, the following vulnerability has been resolved:
cachefiles: add missing lock protection when polling
Add missing lock protection in poll routine when iterating xarray,
otherwise:
Even with RCU read lock held, only the slot of the radix tree is
ensured to be pinned there, while the data structure (e.g. struct
cachefiles_req) stored in the slot has no such guarantee. The poll
routine will iterate the radix tree and dereference cachefiles_req
accordingly. Thus RCU read lock is not adequate in this case and
spinlock is needed here.
References
Configurations
History
08 Aug 2024, 20:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://git.kernel.org/stable/c/6bb6bd3dd6f382dfd36220d4b210a0c77c066651 - Patch | |
References | () https://git.kernel.org/stable/c/8eadcab7f3dd809edbe5ae20533ff843dfea3a07 - Patch | |
References | () https://git.kernel.org/stable/c/97cfd5e20ddc2e33e16ce369626ce76c9a475fd7 - Patch | |
References | () https://git.kernel.org/stable/c/cf5bb09e742a9cf6349127e868329a8f69b7a014 - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
First Time |
Linux linux Kernel
Linux |
|
CWE | CWE-667 | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
07 Aug 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-07 16:15
Updated : 2024-08-08 20:55
NVD link : CVE-2024-42250
Mitre link : CVE-2024-42250
CVE.ORG link : CVE-2024-42250
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-667
Improper Locking