In the Linux kernel, the following vulnerability has been resolved:
cachefiles: add missing lock protection when polling
Add missing lock protection in poll routine when iterating xarray,
otherwise:
Even with RCU read lock held, only the slot of the radix tree is
ensured to be pinned there, while the data structure (e.g. struct
cachefiles_req) stored in the slot has no such guarantee. The poll
routine will iterate the radix tree and dereference cachefiles_req
accordingly. Thus RCU read lock is not adequate in this case and
spinlock is needed here.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 08 Aug 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 08 Aug 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Weaknesses | CWE-667 | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linux
Linux linux Kernel |
|
Metrics |
cvssV3_1
|
Wed, 07 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: cachefiles: add missing lock protection when polling Add missing lock protection in poll routine when iterating xarray, otherwise: Even with RCU read lock held, only the slot of the radix tree is ensured to be pinned there, while the data structure (e.g. struct cachefiles_req) stored in the slot has no such guarantee. The poll routine will iterate the radix tree and dereference cachefiles_req accordingly. Thus RCU read lock is not adequate in this case and spinlock is needed here. | |
Title | cachefiles: add missing lock protection when polling | |
References |
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-08-07T15:14:33.997Z
Updated: 2024-12-19T09:14:51.690Z
Reserved: 2024-07-30T07:40:12.256Z
Link: CVE-2024-42250
Vulnrichment
Updated: 2024-09-11T12:42:24.105Z
NVD
Status : Analyzed
Published: 2024-08-07T16:15:47.567
Modified: 2024-08-08T20:55:19.780
Link: CVE-2024-42250
Redhat