CVE-2024-56709

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-56709
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56709.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-56709
Downstream
Related
Published
2024-12-29T09:15:05Z
Modified
2025-08-09T19:01:28Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring: check if iowq is killed before queuing

task work can be executed after the task has gone through iouring termination, whether it's the final taskwork run or the fallback path. In this case, task work will find ->iowq being already killed and null'ed, which is a problem if it then tries to forward the request to ioqueueiowq(). Make ioqueue_iowq() fail requests in this case.

Note that it also checks PFKTHREAD, because the user can first close a DEFERTASKRUN ring and shortly after kill the task, in which case ->iowq check would race.

References

Affected packages