CVE-2024-42250

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-42250

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42250.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-42250

Downstream

BELL-CVE-2024-42250

DEBIAN-CVE-2024-42250

DLA-4008-1

OESA-2024-2124

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

UBUNTU-CVE-2024-42250

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

Related

Published

2024-08-07T15:14:33Z

Modified

2025-10-22T01:26:41.973777Z

Summary

cachefiles: add missing lock protection when polling

Details

In the Linux kernel, the following vulnerability has been resolved:

cachefiles: add missing lock protection when polling

Add missing lock protection in poll routine when iterating xarray, otherwise:

Even with RCU read lock held, only the slot of the radix tree is ensured to be pinned there, while the data structure (e.g. struct cachefilesreq) stored in the slot has no such guarantee. The poll routine will iterate the radix tree and dereference cachefilesreq accordingly. Thus RCU read lock is not adequate in this case and spinlock is needed here.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0e19a18f998dcabe8be590e0b39660a1f230209b

Fixed

97cfd5e20ddc2e33e16ce369626ce76c9a475fd7

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

18943864342705fa18dd4e6b8d608491fec81f6e

Fixed

6bb6bd3dd6f382dfd36220d4b210a0c77c066651

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b817e22b2e91257ace32a6768c3c003faeaa1c5c

Fixed

8eadcab7f3dd809edbe5ae20533ff843dfea3a07

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b817e22b2e91257ace32a6768c3c003faeaa1c5c

Fixed

cf5bb09e742a9cf6349127e868329a8f69b7a014

Affected versions

v6.*

v6.10-rc1

v6.7

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v6.9.5

v6.9.6

v6.9.7

v6.9.8

v6.9.9

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.8.0

Fixed

6.9.10