Lucene search
LinuxVULNRICHMENT:CVE-2024-42250HistoryAug 07, 2024 - 3:14 p.m.
CVE-2024-42250 cachefiles: add missing lock protection when polling
2024-08-0715:14:33
Linux
github.com
linux kernel
vulnerability
resolved
cachefiles
missing lock protection
poll routine
xarray
rcu read lock
spinlock
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: add missing lock protection when polling
Add missing lock protection in poll routine when iterating xarray,
otherwise:
Even with RCU read lock held, only the slot of the radix tree is
ensured to be pinned there, while the data structure (e.g. struct
cachefiles_req) stored in the slot has no such guarantee. The poll
routine will iterate the radix tree and dereference cachefiles_req
accordingly. Thus RCU read lock is not adequate in this case and
spinlock is needed here.
Related
debiancve
debiancve
CVE-2024-42250
2024-08-07 16:15:47
redhatcve
redhatcve
CVE-2024-42250
2024-08-08 17:48:01
osv
osv
CVE-2024-42250
2024-08-07 16:15:47
Security update for the Linux Kernel
2024-09-10 14:10:24
Security update for the Linux Kernel
2024-09-10 09:06:25
cvelist
cvelist
CVE-2024-42250 cachefiles: add missing lock protection when polling
2024-08-07 15:14:33
nvd
nvd
CVE-2024-42250
2024-08-07 16:15:47
cve
cve
CVE-2024-42250
2024-08-07 16:15:47
ubuntucve
ubuntucve
CVE-2024-42250
2024-08-07 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3195-1)
2024-09-11 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3194-1)
2024-09-11 00:00:00
AI Score
6.5
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-42250