In the Linux kernel, the following vulnerability has been resolved: aio:
Fix null ptr deref in aio_complete() wakeup list_del_init_careful() needs
to be the last access to the wait queue entry - it effectively unlocks
access. Previously, finish_wait() would see the empty list head and skip
taking the lock, and then we’d return - but the completion path would still
attempt to do the wakeup after the task_struct pointer had been
overwritten.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-35.35 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd (6.9-rc3)
git.kernel.org/stable/c/9678bcc6234d83759fe091c197f5017a32b468da
git.kernel.org/stable/c/caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd
launchpad.net/bugs/cve/CVE-2024-35874
nvd.nist.gov/vuln/detail/CVE-2024-35874
security-tracker.debian.org/tracker/CVE-2024-35874
ubuntu.com/security/notices/USN-6816-1
ubuntu.com/security/notices/USN-6817-1
ubuntu.com/security/notices/USN-6817-2
ubuntu.com/security/notices/USN-6817-3
www.cve.org/CVERecord?id=CVE-2024-35874