CVE-2024-50294
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/11/2024
Last modified:
01/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
rxrpc: Fix missing locking causing hanging calls<br />
<br />
If a call gets aborted (e.g. because kafs saw a signal) between it being<br />
queued for connection and the I/O thread picking up the call, the abort<br />
will be prioritised over the connection and it will be removed from<br />
local->new_client_calls by rxrpc_disconnect_client_call() without a lock<br />
being held. This may cause other calls on the list to disappear if a race<br />
occurs.<br />
<br />
Fix this by taking the client_call_lock when removing a call from whatever<br />
list its ->wait_link happens to be on.
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2.1 (including) | 6.6.61 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.2:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc8:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page