TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2024-41005

MEDIUM
4.7

Beschreibung

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822) <snip> read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2: netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393) netpoll_send_udp (net/core/netpoll.c:?) <snip> value changed: 0x0000000a -> 0xffffffff This happens because netpoll_owner_active() needs to check if the current CPU is the owner of the lock, touching napi->poll_owner non atomically. The ->poll_owner field contains the current CPU holding the lock. Use an atomic read to check if the poll owner is the current CPU.

CVE Details

CVSS v3.1 Bewertung4.7
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AngriffsvektorLOCAL
KomplexitatHIGH
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht7/12/2024
Zuletzt geandert11/3/2025
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

linux:linux_kernel

Schwachen (CWE)

CWE-362

Referenzen

https://git.kernel.org/stable/c/3f1a155950a1685ffd0fd7175b3f671da8771f3d(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/43c0ca793a18578a0f5b305dd77fcf7ed99f1265(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/96826b16ef9c6568d31a1f6ceaa266411a46e46c(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/a130e7da73ae93afdb4659842267eec734ffbd57(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/c2e6a872bde9912f1a7579639c5ca3adf1003916(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/efd29cd9c7b8369dfc7bcb34637e6bf1a188aa8e(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/3f1a155950a1685ffd0fd7175b3f671da8771f3d(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/43c0ca793a18578a0f5b305dd77fcf7ed99f1265(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/96826b16ef9c6568d31a1f6ceaa266411a46e46c(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/a130e7da73ae93afdb4659842267eec734ffbd57(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/c2e6a872bde9912f1a7579639c5ca3adf1003916(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/efd29cd9c7b8369dfc7bcb34637e6bf1a188aa8e(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.