CVE-2024-26617
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
11/03/2024
Last modified:
12/12/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
fs/proc/task_mmu: move mmu notification mechanism inside mm lock<br />
<br />
Move mmu notification mechanism inside mm lock to prevent race condition<br />
in other components which depend on it. The notifier will invalidate<br />
memory range. Depending upon the number of iterations, different memory<br />
ranges would be invalidated.<br />
<br />
The following warning would be removed by this patch:<br />
WARNING: CPU: 0 PID: 5067 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 kvm_mmu_notifier_change_pte+0x860/0x960 arch/x86/kvm/../../../virt/kvm/kvm_main.c:734<br />
<br />
There is no behavioural and performance change with this patch when<br />
there is no component registered with the mmu notifier.<br />
<br />
[akpm@linux-foundation.org: narrow the scope of `range&#39;, per Sean]
Impact
Base Score 3.x
7.00
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page