Lucene search

GoogleOSV:CVE-2024-44957

HistorySep 04, 2024 - 7:15 p.m.

CVE-2024-44957

2024-09-0419:15:30

Google

osv.dev

linux kernel

privcmd

vulnerability

fixed

spinlock

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

JSON

In the Linux kernel, the following vulnerability has been resolved:

xen: privcmd: Switch from mutex to spinlock for irqfds

irqfd_wakeup() gets EPOLLHUP, when it is called by
eventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which
gets called under spin_lock_irqsave(). We can’t use a mutex here as it
will lead to a deadlock.

Fix it by switching over to a spin lock.

References

git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3

git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e

git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c

security-tracker.debian.org/tracker/CVE-2024-44957

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

JSON

Related for OSV:CVE-2024-44957