CVE-2024-50060
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/10/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

io_uring: check if we need to reschedule during overflow flush

In terms of normal application usage, this list will always be empty.
And if an application does overflow a bit, it'll have a few entries.
However, nothing obviously prevents syzbot from running a test case
that generates a ton of overflow entries, and then flushing them can
take quite a while.

Check for needing to reschedule while flushing, and drop our locks and
do so if necessary. There's no state to maintain here as overflows
always prune from head-of-list, hence it's fine to drop and reacquire
the locks at the end of the loop.
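
The locking pattern the commit message describes, as a userspace model added here for illustration (not the kernel's io_uring code and not part of the original record). `struct ring`, `ring_push`, `ring_flush` and the `budget` parameter are hypothetical names: a pthread mutex stands in for the kernel locks and `budget` stands in for the kernel's reschedule check.

```c
/* Userspace model of the flush pattern; not the kernel's io_uring code. */
#include <pthread.h>
#include <sched.h>
#include <stdlib.h>
struct entry { struct entry *next; };
struct ring {
    pthread_mutex_t lock;       /* stands in for the locks held while flushing */
    struct entry *head, *tail;  /* overflow list, only ever pruned from the head */
    unsigned long lock_drops;   /* times the flush released the lock */
};

/* Append one overflow entry (constructed workload); returns 0 on success. */
int ring_push(struct ring *r) {
    struct entry *e = calloc(1, sizeof(*e));
    if (!e) return -1;
    pthread_mutex_lock(&r->lock);
    if (r->tail) r->tail->next = e; else r->head = e;
    r->tail = e;
    pthread_mutex_unlock(&r->lock);
    return 0;
}

/* Flush everything. budget is a hypothetical stand-in for the kernel's reschedule
 * check: yield every budget entries; 0 never yields (lock held for the whole list). */
unsigned long ring_flush(struct ring *r, unsigned long budget) {
    unsigned long done = 0;
    pthread_mutex_lock(&r->lock);
    while (r->head) {                   /* head is re-read on every iteration */
        struct entry *e = r->head;
        r->head = e->next;
        if (!r->head) r->tail = NULL;
        free(e);
        done++;
        if (budget && done % budget == 0) {
            /* No cursor survives the drop; entries queued meanwhile are seen on re-read. */
            r->lock_drops++;
            pthread_mutex_unlock(&r->lock);
            sched_yield();
            pthread_mutex_lock(&r->lock);
        }
    }
    pthread_mutex_unlock(&r->lock);
    return done;
}

int main(void) {
    struct ring r = { .lock = PTHREAD_MUTEX_INITIALIZER };
    for (int i = 0; i < 100000; i++) if (ring_push(&r)) return 1;
    return ring_flush(&r, 1024) == 100000 && r.lock_drops == 97 ? 0 : 1;
}
```

With `budget` set to 0 the model holds the lock for the entire list, which is the long uninterrupted flush the fix bounds.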
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1 (including) | 6.1.113 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6 (including) | 6.6.57 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.11 (including) | 6.11.4 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/a2493904e95ce94bbec819d8f7f03b99976eb25c
- https://git.kernel.org/stable/c/c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0
- https://git.kernel.org/stable/c/eac2ca2d682f94f46b1973bdf5e77d85d77b8e53
- https://git.kernel.org/stable/c/f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html



