Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2024-42250
HistoryAug 07, 2024 - 3:14 p.m.

CVE-2024-42250 cachefiles: add missing lock protection when polling

2024-08-0715:14:33
Linux
www.cve.org
8
linux kernel
vulnerability
cachefiles
lock protection
polling
xarray
rcu
spinlock

EPSS

0

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

cachefiles: add missing lock protection when polling

Add missing lock protection in poll routine when iterating xarray,
otherwise:

Even with RCU read lock held, only the slot of the radix tree is
ensured to be pinned there, while the data structure (e.g. struct
cachefiles_req) stored in the slot has no such guarantee. The poll
routine will iterate the radix tree and dereference cachefiles_req
accordingly. Thus RCU read lock is not adequate in this case and
spinlock is needed here.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/cachefiles/daemon.c"
    ],
    "versions": [
      {
        "version": "0e19a18f998d",
        "lessThan": "97cfd5e20ddc",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "189438643427",
        "lessThan": "6bb6bd3dd6f3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b817e22b2e91",
        "lessThan": "8eadcab7f3dd",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b817e22b2e91",
        "lessThan": "cf5bb09e742a",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/cachefiles/daemon.c"
    ],
    "versions": [
      {
        "version": "6.8",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.8",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.10",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

debiancve 1
redhatcve 1
osv 3
nvd 1
cve 1
ubuntucve 1
vulnrichment 1
nessus 2
debiancve
debiancve
CVE-2024-42250
2024-08-07 16:15:47
redhatcve
redhatcve
CVE-2024-42250
2024-08-08 17:48:01
osv
osv
CVE-2024-42250
2024-08-07 16:15:47
Security update for the Linux Kernel
2024-09-10 14:10:24
Security update for the Linux Kernel
2024-09-10 09:06:25
nvd
nvd
CVE-2024-42250
2024-08-07 16:15:47
cve
cve
CVE-2024-42250
2024-08-07 16:15:47
ubuntucve
ubuntucve
CVE-2024-42250
2024-08-07 00:00:00
vulnrichment
vulnrichment
CVE-2024-42250 cachefiles: add missing lock protection when polling
2024-08-07 15:14:33
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3195-1)
2024-09-11 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3194-1)
2024-09-11 00:00:00

EPSS

0

Percentile

5.0%

JSON
Related for CVELIST:CVE-2024-42250
debiancve1redhatcve1osv3nvd1cve1ubuntucve1vulnrichment1nessus2