Lucene search

Redhat.comRH:CVE-2024-44957

HistorySep 04, 2024 - 8:45 p.m.

CVE-2024-44957

2024-09-0420:45:36

redhat.com

access.redhat.com

linux kernel

vulnerability fix

xen

privcmd

mutex

spinlock

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wakeup() gets EPOLLHUP, when it is called by eventfd_release() by way of wake_up_poll(&ctx-;>wqh, EPOLLHUP), which gets called under spin_lock_irqsave(). We can’t use a mutex here as it will lead to a deadlock. Fix it by switching over to a spin lock.

References

bugzilla.redhat.com/show_bug.cgi?id=2309788

lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44957-5c8e@gregkh/T

nvd.nist.gov/vuln/detail/CVE-2024-44957

www.cve.org/CVERecord?id=CVE-2024-44957

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for RH:CVE-2024-44957