Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLinuxCVE-2024-41080
HistoryJul 29, 2024 - 3:15 p.m.

CVE-2024-41080

2024-07-2915:15:15
CWE-667
Linux
web.nvd.nist.gov
57
linux kernel
io_uring
vulnerability fix
deadlock
locks

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0

Percentile

9.4%

JSON

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix possible deadlock in io_register_iowq_max_workers()

The io_register_iowq_max_workers() function calls io_put_sq_data(),
which acquires the sqd->lock without releasing the uring_lock.
Similar to the commit 009ad9f0c6ee (“io_uring: drop ctx->uring_lock
before acquiring sqd->lock”), this can lead to a potential deadlock
situation.

To resolve this issue, the uring_lock is released before calling
io_put_sq_data(), and then it is re-acquired after the function call.

This change ensures that the locks are acquired in the correct
order, preventing the possibility of a deadlock.

Affected configurations

Nvd
Vulners
Node
linuxlinux_kernelRange<6.9.11
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "io_uring/register.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "b571a367502c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "73254a297c2d",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "io_uring/register.c"
    ],
    "versions": [
      {
        "version": "6.9.11",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

osv 5
debiancve 1
redhatcve 1
vulnrichment 1
nvd 1
cvelist 1
nessus 4
osv
osv
CVE-2024-41080
2024-07-29 15:15:15
Security update for the Linux Kernel
2024-09-11 15:39:03
Security update for the Linux Kernel
2024-09-10 08:46:37
debiancve
debiancve
CVE-2024-41080
2024-07-29 15:15:15
redhatcve
redhatcve
CVE-2024-41080
2024-09-03 06:11:08
vulnrichment
vulnrichment
CVE-2024-41080 io_uring: fix possible deadlock in io_register_iowq_max_workers()
2024-07-29 15:04:17
nvd
nvd
CVE-2024-41080
2024-07-29 15:15:15
cvelist
cvelist
CVE-2024-41080 io_uring: fix possible deadlock in io_register_iowq_max_workers()
2024-07-29 15:04:17
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3209-1)
2024-09-12 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3190-1)
2024-09-11 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3194-1)
2024-09-11 00:00:00

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0

Percentile

9.4%

JSON
Related for CVE-2024-41080
osv5debiancve1redhatcve1vulnrichment1nvd1cvelist1nessus4