CVE-2024-47668

In the Linux kernel, the following vulnerability has been resolved:

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll still have a preallocated node that might be used later.

If we then use that node for a new non-root node, it'll still have a pointer to the old root instead of being zeroed - fix this by zeroing it in the cmpxchg failure path.

Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*

History

23 Oct 2024, 15:30

Type | Values Removed | Values Added
CWE | | CWE-362
References | () https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f - | () https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f - Patch
References | () https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da - | () https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da - Patch
References | () https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283 - | () https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283 - Patch
References | () https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169 - | () https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169 - Patch
References | () https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae - | () https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae - Patch
References | () https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e - | () https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e - Patch
References | () https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7 - | () https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7 - Patch
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 4.7
CPE | | cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
CPE | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CPE | | cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
CPE | | cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
First Time | | Linux linux Kernel
First Time | | Linux

10 Oct 2024, 12:51

Type | Values Removed | Values Added
Summary | | (es) In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll still have a preallocated node that might be used later. If we then use that node for a new non-root node, it'll still have a pointer to the old root instead of being zeroed: fix this by zeroing it in the cmpxchg failure path.

09 Oct 2024, 15:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-10-09 15:15

Updated : 2024-10-23 15:30


NVD link : CVE-2024-47668

Mitre link : CVE-2024-47668

CVE.ORG link : CVE-2024-47668



Products Affected

linux

  • linux_kernel
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')