Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-44957

HistorySep 04, 2024 - 7:15 p.m.

CVE-2024-44957

2024-09-0419:15:30

CWE-667

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

vulnerability

cve-2024-44957

fixed

mutex

spinlock

irqfds

xen privcmd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

xen: privcmd: Switch from mutex to spinlock for irqfds

irqfd_wakeup() gets EPOLLHUP, when it is called by
eventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which
gets called under spin_lock_irqsave(). We can’t use a mutex here as it
will lead to a deadlock.

Fix it by switching over to a spin lock.

Affected configurations

Nvd

Node

linuxlinux_kernelRange<6.6.46

linuxlinux_kernelRange6.7–6.10.5

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3

git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e

git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2024-44957