CVE-2024-44957

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wakeup() gets EPOLLHUP, when it is called by eventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which gets called under spin_lock_irqsave(). We can't use a mutex here as it will lead to a deadlock. Fix it by switching over to a spin lock.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

06 Sep 2024, 16:37

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3 - () https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3 - Patch
References () https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e - () https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e - Patch
References () https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c - () https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c - Patch
First Time Linux linux Kernel
Linux
CWE CWE-667

05 Sep 2024, 12:53

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xen: privcmd: Cambiar de mutex a spinlock para irqfds irqfd_wakeup() obtiene EPOLLHUP, cuando es llamado por eventfd_release() por medio de wake_up_poll(&ctx->wqh, EPOLLHUP), que se llama bajo spin_lock_irqsave(). No podemos usar un mutex aquí ya que conduciría a un interbloqueo. Arréglelo cambiando a un spinlock.

04 Sep 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-04 19:15

Updated : 2024-09-06 16:37


NVD link : CVE-2024-44957

Mitre link : CVE-2024-44957

CVE.ORG link : CVE-2024-44957


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-667

Improper Locking