In the Linux kernel, the following vulnerability has been resolved:
nbd: fix race between timeout and normal completion
If request timetout is handled by nbd_requeue_cmd(), normal completion
has to be stopped for avoiding to complete this requeued request, other
use-after-free can be triggered.
Fix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime
make sure that cmd->lock is grabbed for clearing the flag and the
requeue.
References
Configurations
Configuration 1 (hide)
|
History
22 Oct 2024, 16:12
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
22 Oct 2024, 15:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:5.17.15:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Linux linux Kernel
Linux |
|
CWE | CWE-416 | |
References | () https://git.kernel.org/stable/c/5236ada8ebbd9e7461f17477357582f5be4f46f7 - Patch | |
References | () https://git.kernel.org/stable/c/6e73b946a379a1dfbb62626af93843bdfb53753d - Patch | |
References | () https://git.kernel.org/stable/c/9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc - Patch | |
References | () https://git.kernel.org/stable/c/9c25faf72d780a9c71081710cd48759d61ff6e9b - Patch | |
References | () https://git.kernel.org/stable/c/c9ea57c91f03bcad415e1a20113bdb2077bcf990 - Patch | |
Summary |
|
21 Oct 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-21 13:15
Updated : 2024-10-22 16:12
NVD link : CVE-2024-49855
Mitre link : CVE-2024-49855
CVE.ORG link : CVE-2024-49855
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free