TROYANOSYVIRUS
Back to CVEs

CVE-2024-41005

MEDIUM
4.7

Description

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822) <snip> read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2: netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393) netpoll_send_udp (net/core/netpoll.c:?) <snip> value changed: 0x0000000a -> 0xffffffff This happens because netpoll_owner_active() needs to check if the current CPU is the owner of the lock, touching napi->poll_owner non atomically. The ->poll_owner field contains the current CPU holding the lock. Use an atomic read to check if the poll owner is the current CPU.

CVE Details

CVSS v3.1 Score4.7
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack VectorLOCAL
ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
Published7/12/2024
Last Modified11/3/2025
Sourcenvd
Honeypot Sightings0

Affected Products

linux:linux_kernel

Weaknesses (CWE)

CWE-362

References

https://git.kernel.org/stable/c/3f1a155950a1685ffd0fd7175b3f671da8771f3d(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/43c0ca793a18578a0f5b305dd77fcf7ed99f1265(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/96826b16ef9c6568d31a1f6ceaa266411a46e46c(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/a130e7da73ae93afdb4659842267eec734ffbd57(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/c2e6a872bde9912f1a7579639c5ca3adf1003916(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/efd29cd9c7b8369dfc7bcb34637e6bf1a188aa8e(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/3f1a155950a1685ffd0fd7175b3f671da8771f3d(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/43c0ca793a18578a0f5b305dd77fcf7ed99f1265(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/96826b16ef9c6568d31a1f6ceaa266411a46e46c(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/a130e7da73ae93afdb4659842267eec734ffbd57(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/c2e6a872bde9912f1a7579639c5ca3adf1003916(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/efd29cd9c7b8369dfc7bcb34637e6bf1a188aa8e(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.