CVE-2024-56709

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-56709

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56709.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-56709

Downstream

BELL-CVE-2024-56709

DEBIAN-CVE-2024-56709

DLA-4076-1

OESA-2025-1032

OESA-2025-1033

OESA-2025-1035

OESA-2025-1036

OESA-2025-1037

SUSE-SU-2025:0289-1

SUSE-SU-2025:0428-1

SUSE-SU-2025:0499-1

SUSE-SU-2025:0557-1

UBUNTU-CVE-2024-56709

USN-7379-1

USN-7381-1

USN-7382-1

USN-7513-1

USN-7513-2

USN-7513-3

USN-7513-4

USN-7513-5

USN-7514-1

USN-7515-1

USN-7515-2

USN-7522-1

USN-7523-1

USN-7524-1

Related

Published

2024-12-29T09:15:05Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring: check if iowq is killed before queuing

task work can be executed after the task has gone through iouring termination, whether it's the final taskwork run or the fallback path. In this case, task work will find ->iowq being already killed and null'ed, which is a problem if it then tries to forward the request to ioqueueiowq(). Make ioqueue_iowq() fail requests in this case.

Note that it also checks PFKTHREAD, because the user can first close a DEFERTASKRUN ring and shortly after kill the task, in which case ->iowq check would race.

References

Affected packages