Lucene search

K
cve416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-35793
HistoryMay 17, 2024 - 1:15 p.m.

CVE-2024-35793

2024-05-1713:15:59
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
28
linux kernel
vulnerability
debugfs
fix
wait handling
cancellation handling
remove
deadlocks.

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

In the Linux kernel, the following vulnerability has been resolved:

debugfs: fix wait/cancellation handling during remove

Ben Greear further reports deadlocks during concurrent debugfs
remove while files are being accessed, even though the code in
question now uses debugfs cancellations. Turns out that despite
all the review on the locking, we missed completely that the
logic is wrong: if the refcount hits zero we can finish (and
need not wait for the completion), but if it doesn’t we have
to trigger all the cancellations. As written, we can never
get into the loop triggering the cancellations. Fix this, and
explain it better while at it.

Affected configurations

Vulners
Node
linuxlinux_kernelRange6.76.7.12
OR
linuxlinux_kernelRange6.8.06.8.3
OR
linuxlinux_kernelRange6.9.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/debugfs/inode.c"
    ],
    "versions": [
      {
        "version": "8c88a474357e",
        "lessThan": "e88b5ae01901",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8c88a474357e",
        "lessThan": "3d08cca5fd0a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8c88a474357e",
        "lessThan": "952c3fce297f",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/debugfs/inode.c"
    ],
    "versions": [
      {
        "version": "6.7",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.7",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7.12",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.3",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%