• CVE-2024-26686

发布时间: 2024年5月17日

修改时间: 2024年10月31日

概要

In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless.

CVSS v3 指标

NVD openEuler
Confidentiality None None
Attack Vector Local Local
CVSS评分 5.5 5.5
Attack Complexity Low Low
Privileges Required Low Low
Scope Unchanged Unchanged
Integrity None None
User Interaction None None
Availability High High

安全公告

公告名 概要 发布时间
KylinSec-SA-2024-4777 kernel security update 2025年2月17日
KylinSec-SA-2024-4953 kernel security update 2025年2月28日

影响产品

产品 状态
KY3.4-4A kernel Fixed
KY3.5.2 kernel Fixed
KY3.4-5 kernel Fixed
KY3.5.1 kernel Fixed