CVE-2024-49855

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime make sure that cmd->lock is grabbed for clearing the flag and the requeue.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17.15:*:*:*:*:*:*:*

History

22 Oct 2024, 16:12

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 7.0

22 Oct 2024, 15:17

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:5.17.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Linux linux Kernel
Linux
CWE CWE-416
References () https://git.kernel.org/stable/c/5236ada8ebbd9e7461f17477357582f5be4f46f7 - () https://git.kernel.org/stable/c/5236ada8ebbd9e7461f17477357582f5be4f46f7 - Patch
References () https://git.kernel.org/stable/c/6e73b946a379a1dfbb62626af93843bdfb53753d - () https://git.kernel.org/stable/c/6e73b946a379a1dfbb62626af93843bdfb53753d - Patch
References () https://git.kernel.org/stable/c/9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc - () https://git.kernel.org/stable/c/9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc - Patch
References () https://git.kernel.org/stable/c/9c25faf72d780a9c71081710cd48759d61ff6e9b - () https://git.kernel.org/stable/c/9c25faf72d780a9c71081710cd48759d61ff6e9b - Patch
References () https://git.kernel.org/stable/c/c9ea57c91f03bcad415e1a20113bdb2077bcf990 - () https://git.kernel.org/stable/c/c9ea57c91f03bcad415e1a20113bdb2077bcf990 - Patch
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nbd: se corrige la ejecución entre el tiempo de espera y la finalización normal. Si el tiempo de espera de la solicitud lo maneja nbd_requeue_cmd(), la finalización normal debe detenerse para evitar completar esta solicitud en cola; se pueden activar otros use after free. Corrija la ejecución borrando NBD_CMD_INFLIGHT en nbd_requeue_cmd(); mientras tanto, asegúrese de que cmd->lock se captura para borrar la bandera y la puesta en cola.

21 Oct 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 13:15

Updated : 2024-10-22 16:12


NVD link : CVE-2024-49855

Mitre link : CVE-2024-49855

CVE.ORG link : CVE-2024-49855


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-416

Use After Free