TROYANOSYVIRUS
Voltar para CVEs

CVE-2024-41005

MEDIUM
4.7

Descricao

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822) <snip> read to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2: netpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393) netpoll_send_udp (net/core/netpoll.c:?) <snip> value changed: 0x0000000a -> 0xffffffff This happens because netpoll_owner_active() needs to check if the current CPU is the owner of the lock, touching napi->poll_owner non atomically. The ->poll_owner field contains the current CPU holding the lock. Use an atomic read to check if the poll owner is the current CPU.

Detalhes CVE

Pontuacao CVSS v3.14.7
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado7/12/2024
Ultima modificacao11/3/2025
Fontenvd
Avistamentos honeypot0

Produtos afetados

linux:linux_kernel

Fraquezas (CWE)

CWE-362

Referencias

https://git.kernel.org/stable/c/3f1a155950a1685ffd0fd7175b3f671da8771f3d(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/43c0ca793a18578a0f5b305dd77fcf7ed99f1265(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/96826b16ef9c6568d31a1f6ceaa266411a46e46c(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/a130e7da73ae93afdb4659842267eec734ffbd57(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/c2e6a872bde9912f1a7579639c5ca3adf1003916(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/efd29cd9c7b8369dfc7bcb34637e6bf1a188aa8e(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/3f1a155950a1685ffd0fd7175b3f671da8771f3d(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/43c0ca793a18578a0f5b305dd77fcf7ed99f1265(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/96826b16ef9c6568d31a1f6ceaa266411a46e46c(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/a130e7da73ae93afdb4659842267eec734ffbd57(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/c2e6a872bde9912f1a7579639c5ca3adf1003916(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/efd29cd9c7b8369dfc7bcb34637e6bf1a188aa8e(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.