TROYANOSYVIRUS
Volver a CVEs

CVE-2024-41005

MEDIUM
4.7

Descripcion

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822) <snip> read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2: netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393) netpoll_send_udp (net/core/netpoll.c:?) <snip> value changed: 0x0000000a -> 0xffffffff This happens because netpoll_owner_active() needs to check if the current CPU is the owner of the lock, touching napi->poll_owner non atomically. The ->poll_owner field contains the current CPU holding the lock. Use an atomic read to check if the poll owner is the current CPU.

Detalles CVE

Puntuacion CVSS v3.14.7
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Vector de ataqueLOCAL
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado7/12/2024
Ultima modificacion11/3/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

linux:linux_kernel

Debilidades (CWE)

CWE-362

Referencias

https://git.kernel.org/stable/c/3f1a155950a1685ffd0fd7175b3f671da8771f3d(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/43c0ca793a18578a0f5b305dd77fcf7ed99f1265(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/96826b16ef9c6568d31a1f6ceaa266411a46e46c(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/a130e7da73ae93afdb4659842267eec734ffbd57(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/c2e6a872bde9912f1a7579639c5ca3adf1003916(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/efd29cd9c7b8369dfc7bcb34637e6bf1a188aa8e(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/3f1a155950a1685ffd0fd7175b3f671da8771f3d(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/43c0ca793a18578a0f5b305dd77fcf7ed99f1265(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/96826b16ef9c6568d31a1f6ceaa266411a46e46c(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/a130e7da73ae93afdb4659842267eec734ffbd57(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/c2e6a872bde9912f1a7579639c5ca3adf1003916(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/efd29cd9c7b8369dfc7bcb34637e6bf1a188aa8e(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.